
Unix / Linux / BSD Cheat Sheets II

Date post: 12-Nov-2014
Upload: embee
Description:
Cheat sheets for Unix, Linux & BSD for sys admins & users alike.
Use ldd to check which libraries are used by the executable and where they are located. This command is also used to check if a shared library is missing or if the executable is static.

# ldd /sbin/ifconfig

22.5 Simple Makefile

The corresponding minimal Makefile for the multi-source program is shown below. The lines with instructions must begin with a tab! The backslash "\" can be used to cut long lines.

CC = g++
CFLAGS = -O
# TARGET is used by the clean rule, so it has to be defined
TARGET = simplecpp
OBJS = IPv4.o simplecpp.o
${TARGET}: ${OBJS}
	${CC} -o ${TARGET} ${CFLAGS} ${OBJS}
clean:
	rm -f ${TARGET} ${OBJS}

23 ONLINE HELP

23.1 Documentation

Linux Documentation           en.tldp.org
Linux Man Pages               www.linuxmanpages.com
Linux commands directory      www.oreillynet.com/linux/cmd
Linux doc man howtos          linux.die.net
FreeBSD Handbook              www.freebsd.org/handbook
FreeBSD Man Pages             www.freebsd.org/cgi/man.cgi
FreeBSD user wiki             www.freebsdwiki.net
Solaris Man Pages             docs.sun.com/app/docs/coll/40.10

23.2 Other Unix/Linux references

Rosetta Stone for Unix        bhami.com/rosetta.html (a Unix command translator)
Unix guide cross reference    unixguide.net/unixguide.shtml
Linux commands line list      www.linuxguide.it/commands_list.php
Short Linux reference         www.pixelbeat.org/cmdline.html

That's all folks!

This document: "Unix Toolbox revision 11" is licensed under a Creative Commons Licence [Attribution - Share Alike]. © Colin Barschel 2007-2008. Some rights reserved.

UNIX TOOLBOX

This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.

1. System
2. Processes
3. File System
4. Network
5. SSH SCP
6. VPN with SSH
7. RSYNC
8. SUDO
9. Encrypt Files
10. Encrypt Partitions
11. SSL Certificates
12. CVS
13. SVN
14. Useful Commands
15. Install Software
16. Convert Media
17. Printing
18. Databases
19. Disk Quota
20. Shells
21. Scripting
22. Programming
23. Online Help

Unix Toolbox revision 11

The latest version of this document can be found at http://cb.vu/unixtoolbox.xhtml. Replace .xhtml on the link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the booklet will create a small book ready to bind.

Error reports and comments are most welcome - c@cb.vu Colin Barschel.
Transcript

Page 2: Unix / Linux / BSD Cheat Sheets II

1 SYSTEM

Hardware | Statistics | Users | Limits | Runlevels | root password | Compile kernel

Running kernel and system information

# uname -a                           # Get the kernel version (and BSD version)
# cat /etc/SuSE-release              # Get SuSE version
# cat /etc/debian_version            # Get Debian version

Use /etc/DISTR-release with DISTR= lsb (Ubuntu), redhat, gentoo, mandrake, sun (Solaris), and so on.

# uptime                             # Show how long the system has been running + load
# hostname                           # system's host name
# hostname -i                        # Display the IP address of the host.
# man hier                           # Description of the file system hierarchy
# last reboot                        # Show system reboot history

1.1 Hardware Information

Kernel detected hardware

# dmesg                              # Detected hardware and boot messages
# lsdev                              # information about installed hardware
# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8   # Read BIOS

Linux

# cat /proc/cpuinfo                  # CPU model
# cat /proc/meminfo                  # Hardware memory
# grep MemTotal /proc/meminfo        # Display the physical memory
# watch -n1 'cat /proc/interrupts'   # Watch changeable interrupts continuously
# free -m                            # Used and free memory (-m for MB)
# cat /proc/devices                  # Configured devices
# lspci -tv                          # Show PCI devices
# lsusb -tv                          # Show USB devices
# lshal                              # Show a list of all devices with their properties
# dmidecode                          # Show DMI/SMBIOS: hw info from the BIOS

FreeBSD

# sysctl hw.model                    # CPU model
# sysctl hw                          # Gives a lot of hardware information
# sysctl vm                          # Memory usage
# dmesg | grep "real mem"            # Hardware memory
# sysctl -a | grep mem               # Kernel memory settings and info
# sysctl dev                         # Configured devices
# pciconf -l -cv                     # Show PCI devices
# usbdevs -v                         # Show USB devices
# atacontrol list                    # Show ATA devices

1.2 Load, statistics and messages

The following commands are useful to find out what is going on on the system.

# top                                # display and update the top cpu processes
# mpstat 1                           # display processors related statistics
# vmstat 2                           # display virtual memory statistics
# iostat 2                           # display I/O statistics (2 s intervals)
# systat -vmstat 1                   # BSD summary of system statistics (1 s intervals)

has a member to convert an IP address in integer format to the known quad format. This is a minimal c++ program with a class and multi-source compile.

IPv4 class

IPv4.h:

#ifndef IPV4_H
#define IPV4_H
#include <string>

namespace GenericUtils {                            // create a namespace
class IPv4 {                                        // class definition
public:
    IPv4();
    ~IPv4();
    std::string IPint_to_IPquad(unsigned long ip);  // member interface
};
} //namespace GenericUtils
#endif // IPV4_H

IPv4.cpp:

#include "IPv4.h"
#include <string>
#include <sstream>
using namespace std;                                // use the namespaces
using namespace GenericUtils;

IPv4::IPv4() {}                                     // default constructor/destructor
IPv4::~IPv4() {}
string IPv4::IPint_to_IPquad(unsigned long ip) {    // member implementation
    ostringstream ipstr;                            // use a stringstream
    ipstr << ((ip &0xff000000) >> 24)               // Bitwise right shift
          << "." << ((ip &0x00ff0000) >> 16)
          << "." << ((ip &0x0000ff00) >> 8)
          << "." << ((ip &0x000000ff));
    return ipstr.str();
}

The program simplecpp.cpp

#include "IPv4.h"
#include <iostream>
#include <string>
using namespace std;
int main (int argc, char* argv[]) {
    string ipstr;                                   // define variables
    unsigned long ipint = 1347861486;               // The IP in integer form
    GenericUtils::IPv4 iputils;                     // create an object of the class
    ipstr = iputils.IPint_to_IPquad(ipint);         // call the class member
    cout << ipint << " = " << ipstr << endl;        // print the result
    return 0;
}

Compile and execute with:

# g++ -c IPv4.cpp simplecpp.cpp                  # Compile in objects
# g++ IPv4.o simplecpp.o -o simplecpp.exe        # Link the objects to final executable
# ./simplecpp.exe
1347861486 = 80.86.187.238

Page 3: Unix / Linux / BSD Cheat Sheets II

appropriate. If the file authorized_keys2 does not exist yet, simply copy id_dsa.pub to authorized_keys2 and upload it.

# ssh-keygen -t dsa -N ''                        # Creates a public and a private key
# rsync user@server:.ssh/authorized_keys2 .      # Copy the file locally from the server
# cat id_dsa.pub >> authorized_keys2             # Or use an editor to add the key
# rsync authorized_keys2 user@server:.ssh/       # Copy the file back to the server
# del authorized_keys2                           # Remove the local copy

Now test it with (in one line):

rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" 'user@server:My\ Documents/'

Automatic backup

Use a batch file to automate the backup and add the file in the scheduled tasks (Programs -> Accessories -> System Tools -> Scheduled Tasks). For example create the file backup.bat and replace user@server.

@ECHO OFF
REM rsync the directory My Documents
SETLOCAL
SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC
SET CYGWIN=nontsec
SET CWOLDPATH=%PATH%
REM uncomment the next line when using cygwin
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
echo Press Control-C to abort
REM the rsync command must stay on one line in a batch file
rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" 'user@server:My\ Documents/'
pause

8 SUDO

Sudo is a standard way to give users some administrative rights without giving out the root password. Sudo is very useful in a multi user environment with a mix of server and workstations. Simply call the command with sudo:

# sudo /etc/init.d/dhcpd restart     # Run the rc script as root
# sudo -u sysadmin whoami            # Run cmd as another user

8.1 Configuration

Sudo is configured in /etc/sudoers and must only be edited with visudo. The basic syntax is (the lists are comma separated):

user hosts = (runas) commands        # In /etc/sudoers

users      one or more users or %group (like %wheel) to gain the rights
hosts      list of hosts (or ALL)
runas      list of users (or ALL) that the command rule can be run as. It is enclosed in ( )!
commands   list of commands (or ALL) that will be run as root or as (runas)

Additionally those keywords can be defined as alias, they are called User_Alias, Host_Alias, Runas_Alias and Cmnd_Alias. This is useful for larger setups. Here is a sudoers example:

# cat /etc/sudoers
# Host aliases are subnets or hostnames.
Host_Alias DMZ = 212.118.81.40/28
Host_Alias DESKTOP = work1, work2
# User aliases are a list of users which can have the same rights
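The basic sudoers syntax described above, turned into a small audit helper that lists every rule granting ALL commands. This is an added example, not part of the original Unix Toolbox; the function names audit_sudoers and sample_sudoers and the sample rules are constructed for illustration, and only the single-line "user hosts = (runas) commands" form is parsed (no alias expansion, no line continuations).

```shell
#!/bin/sh
# Added example (not from the original cheat sheet).
# audit_sudoers: read sudoers-style text on stdin and print one line for
# every rule whose command list contains ALL.
# Alias definitions, Defaults lines, comments and blank lines are skipped.

audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 ~ /^(Defaults|User_Alias|Host_Alias|Runas_Alias|Cmnd_Alias)/ { next }
    {
        line = $0
        gsub(/[ \t]*,[ \t]*/, ",", line)   # "a, b" -> "a,b": each list is one token
        eq = index(line, "=")              # first "=" ends the "user hosts" part
        if (eq == 0) next
        if (split(substr(line, 1, eq - 1), lhs, " ") < 2) next
        who = lhs[1]; hosts = lhs[2]

        rhs = substr(line, eq + 1)
        sub(/^[ \t]+/, "", rhs)
        runas = "root"                     # no (runas) given: command runs as root
        if (substr(rhs, 1, 1) == "(") {
            rp = index(rhs, ")")
            if (rp == 0) next              # malformed rule, ignore it
            runas = substr(rhs, 2, rp - 2)
            rhs = substr(rhs, rp + 1)
        }
        nopass = (rhs ~ /NOPASSWD:/) ? " NOPASSWD" : ""
        gsub(/[A-Z_]+:[ \t]*/, "", rhs)    # drop tags such as NOPASSWD:

        broad = 0
        n = split(rhs, cmd, ",")
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL") broad = 1
        }
        if (broad) {
            printf "%s hosts=%s runas=%s commands=ALL%s\n", who, hosts, runas, nopass
        }
    }'
}

# Constructed sample input; the alias names DMZ and DESKTOP follow the page,
# the rules themselves are made up for this example.
sample_sudoers() {
    cat <<'EOF'
# Host aliases are subnets or hostnames.
Host_Alias   DMZ     = 212.118.81.40/28
Host_Alias   DESKTOP = work1, work2
User_Alias   ADMINS  = colin, joe
ADMINS       ALL     = (ALL) NOPASSWD: ALL
%wheel       ALL     = (ALL) ALL
sysadmin     DMZ     = (root) /etc/init.d/dhcpd restart, /sbin/ifconfig
backup       DESKTOP = /usr/bin/rsync
EOF
}

sample_sudoers | audit_sudoers
```

On a real host the same function can be fed the live file as root with audit_sudoers < /etc/sudoers.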

# systat -tcp 1                      # BSD tcp connections (try also -ip)
# systat -netstat 1                  # BSD active network connections
# systat -ifstat 1                   # BSD network traffic through active interfaces
# systat -iostat 1                   # BSD CPU and disk throughput
# tail -n 500 /var/log/messages      # Last 500 kernel/syslog messages
# tail /var/log/warn                 # System warnings messages see syslog.conf

1.3 Users

# id                                 # Show the active user id with login and group
# last                               # Show last logins on the system
# who                                # Show who is logged on the system
# groupadd admin                     # Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
# userdel colin                      # Delete user colin (Linux/Solaris)
# adduser joe                        # FreeBSD add user joe (interactive)
# rmuser joe                         # FreeBSD delete user joe (interactive)
# pw groupadd admin                  # Use pw on FreeBSD
# pw groupmod admin -m newmember     # Add a new member to a group
# pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh
# pw userdel colin; pw groupdel admin

Encrypted passwords are stored in /etc/shadow for Linux and Solaris and /etc/master.passwd on FreeBSD. If the master.passwd is modified manually (say to delete a password), run # pwd_mkdb -p master.passwd to rebuild the database.

To temporarily prevent logins system wide (for all users but root) use nologin. The message in nologin will be displayed.

# echo "Sorry no login now" > /etc/nologin       # (Linux)
# echo "Sorry no login now" > /var/run/nologin   # (FreeBSD)

1.4 Limits

Some applications require higher limits on open files and sockets (like a proxy web server, database). The default limits are usually too low.

Linux

Per shell/script

The shell limits are governed by ulimit. The status is checked with ulimit -a. For example to change the open files limit from 1024 to 10240 do:

# ulimit -n 10240                    # This is only valid within the shell

The ulimit command can be used in a script to change the limits for the script only.

Per user/process

Login users and applications can be configured in /etc/security/limits.conf. For example:

# cat /etc/security/limits.conf
* hard nproc 250                     # Limit user processes
asterisk hard nofile 409600          # Limit application open files

System wide

Kernel limits are set with sysctl. Permanent limits are set in /etc/sysctl.conf.

# sysctl -a                          # View all system limits
# sysctl fs.file-max                 # View max open files limit
# sysctl fs.file-max=102400          # Change max open files limit
# cat /etc/sysctl.conf

Page 4: Unix / Linux / BSD Cheat Sheets II

fs.file-max=102400                   # Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr           # How many file descriptors are in use

FreeBSD

Per shell/script

Use the command limits in csh or tcsh or as in Linux, use ulimit in an sh or bash shell.

Per user/process

The default limits on login are set in /etc/login.conf. An unlimited value is still limited by the system maximal value.

System wide

Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.

# sysctl -a                          # View all system limits
# sysctl kern.maxfiles=XXXX          # maximum number of file descriptors
kern.ipc.nmbclusters=32768           # Permanent entry in /etc/sysctl.conf
kern.maxfiles=65536                  # Typical values for Squid
kern.maxfilesperproc=32768
kern.ipc.somaxconn=8192              # TCP queue. Better for apache/sendmail
# sysctl kern.openfiles              # How many file descriptors are in use
# sysctl kern.ipc.numopensockets     # How many open sockets are in use

See The FreeBSD handbook Chapter 11 (http://www.freebsd.org/handbook/configtuning-kernel-limits.html) for details.

Solaris

The following values in /etc/system will increase the maximum file descriptors per proc:

set rlim_fd_max = 4096               # Hard limit on file descriptors for a single proc
set rlim_fd_cur = 1024               # Soft limit on file descriptors for a single proc

1.5 Runlevels

Linux

Once booted, the kernel starts init which then starts rc which starts all scripts belonging to a runlevel. The scripts are stored in /etc/init.d and are linked into /etc/rc.d/rcN.d with N the runlevel number.
The default runlevel is configured in /etc/inittab. It is usually 3 or 5:

# grep default: /etc/inittab
id:3:initdefault:

The actual runlevel (the list is shown below) can be changed with init. For example to go from 3 to 5:

# init 5                             # Enters runlevel 5

0   Shutdown and halt
1   Single-User mode (also S)
2   Multi-user without network
3   Multi-user with network
5   Multi-user with X
6   Reboot

Use chkconfig to configure the programs that will be started at boot in a runlevel.

# chkconfig --list                   # List all init scripts
# chkconfig --list sshd              # Report the status of sshd

7 RSYNC

Rsync can almost completely replace cp and scp, furthermore interrupted transfers are efficiently restarted. A trailing slash (and the absence thereof) has different meanings, the man page is good... Here are some examples:

Copy the directories with full content:

# rsync -a /home/colin/ /backup/colin/
# rsync -a /var/ /var_bak/
# rsync -aR --delete-during /home/user/ /backup/      # use relative (see below)

Same as before but over the network and with compression. Rsync uses SSH for the transport per default and will use the ssh key if they are set. Use ":" as with SCP. A typical remote copy:

# rsync -axSRzv /home/user/ user@server:/backup/user/

Exclude any directory tmp within /home/user/ and keep the relative folders hierarchy, that is the remote directory will have the structure /backup/home/user/. This is typically used for backups.

# rsync -azR --exclude /tmp/ /home/user/ user@server:/backup/

Use port 20022 for the ssh connection:

# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/

Using the rsync daemon (used with "::") is much faster, but not encrypted over ssh. The location of /backup is defined by the configuration in /etc/rsyncd.conf. The variable RSYNC_PASSWORD can be set to avoid the need to enter the password manually.

# rsync -axSRz /home/ ruser@hostname::rmodule/backup/
# rsync -axSRz ruser@hostname::rmodule/backup/ /home/    # To copy back

Some important options:

-a, --archive            archive mode; same as -rlptgoD (no -H)
-r, --recursive          recurse into directories
-R, --relative           use relative path names
-H, --hard-links         preserve hard links
-S, --sparse             handle sparse files efficiently
-x, --one-file-system    don't cross file system boundaries
--exclude=PATTERN        exclude files matching PATTERN
--delete-during          receiver deletes during xfer, not before
--delete-after           receiver deletes after transfer, not before

7.1 Rsync on Windows

Rsync is available for Windows through cygwin or as stand-alone packaged in cwrsync (http://sourceforge.net/projects/sereds). This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables:

# Control Panel -> System -> tab Advanced, button Environment Variables.

Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell.

Public key authentication

Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automatic backups have to avoid a user interaction, for this the SSH public key authentication can be used and the rsync command will run without a password.
All the following commands are executed within a Windows console. In a console (Start -> Run -> cmd) create and upload the key as described in SSH, change "user" and "server" as

Page 5: Unix / Linux / BSD Cheat Sheets II

cli># ifconfig tun5 10.0.1.2 netmask 255.255.255.252     # Client is on Linux
cli># ifconfig tun5 10.0.1.2 10.0.1.1                    # Client is on FreeBSD

The two hosts are now connected and can transparently communicate with any layer 3/4 protocol using the tunnel IP addresses.

6.2 Connect two networks

In addition to the p2p setup above, it is more useful to connect two private networks with an SSH VPN using two gates. Suppose for the example, netA is 192.168.51.0/24 and netB 192.168.16.0/24. The procedure is similar as above, we only need to add the routing. NAT must be activated on the private interface only if the gates are not the same as the default gateway of their network.

192.168.51.0/24 (netA)|gateA <-> gateB|192.168.16.0/24 (netB)

• Connect with SSH using the tunnel option -w.
• Configure the IP addresses of the tunnel. Once on the server and once on the client.
• Add the routing for the two networks.
• If necessary, activate NAT on the private interface of the gate.

The setup is started from gateA in netA.

Connect from gateA to gateB

Connection is started from gateA and commands are executed on gateB.

gateB is on Linux

gateA># ssh -w5:5 root@gateB
gateB># ifconfig tun5 10.0.1.1 netmask 255.255.255.252   # Executed on the gateB shell
gateB># route add -net 192.168.51.0 netmask 255.255.255.0 dev tun5
gateB># echo 1 > /proc/sys/net/ipv4/ip_forward           # Only needed if not default gw
gateB># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gateB is on FreeBSD

gateA># ssh -w5:5 root@gateB                             # Creates the tun5 devices
gateB># ifconfig tun5 10.0.1.1 10.0.1.2                  # Executed on the gateB shell
gateB># route add 192.168.51.0/24 10.0.1.2
gateB># sysctl net.inet.ip.forwarding=1                  # Only needed if not default gw
gateB># natd -s -m -u -dynamic -n fxp0                   # see NAT (page 15)
gateA># sysctl net.inet.ip.fw.enable=1

Configure gateA

Commands executed on gateA:

gateA is on Linux

gateA># ifconfig tun5 10.0.1.2 netmask 255.255.255.252
gateA># route add -net 192.168.16.0 netmask 255.255.255.0 dev tun5
gateA># echo 1 > /proc/sys/net/ipv4/ip_forward
gateA># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gateA is on FreeBSD

gateA># ifconfig tun5 10.0.1.2 10.0.1.1
gateA># route add 192.168.16.0/24 10.0.1.2
gateA># sysctl net.inet.ip.forwarding=1
gateA># natd -s -m -u -dynamic -n fxp0                   # see NAT (page 15)
gateA># sysctl net.inet.ip.fw.enable=1

The two private networks are now transparently connected via the SSH VPN. The IP forward and NAT settings are only necessary if the gates are not the default gateways. In this case the clients would not know where to forward the response, and nat must be activated.

# chkconfig sshd --level 35 on       # Configure sshd for levels 3 and 5
# chkconfig sshd off                 # Disable sshd for all runlevels

Debian and Debian based distributions like Ubuntu or Knoppix use the command update-rc.d to manage the runlevels scripts. Default is to start in 2,3,4 and 5 and shutdown in 0,1 and 6.

# update-rc.d sshd defaults          # Activate sshd with the default runlevels
# update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .   # With explicit arguments
# update-rc.d -f sshd remove         # Disable sshd for all runlevels
# shutdown -h now (or # poweroff)    # Shutdown and halt the system

FreeBSD

The BSD boot approach is different from the SysV, there are no runlevels. The final boot state (single user, with or without X) is configured in /etc/ttys. All OS scripts are located in /etc/rc.d/ and in /usr/local/etc/rc.d/ for third-party applications. The activation of the service is configured in /etc/rc.conf and /etc/rc.conf.local. The default behavior is configured in /etc/defaults/rc.conf. The scripts respond at least to start|stop|status.

# /etc/rc.d/sshd status
sshd is running as pid 552.
# shutdown now                       # Go into single-user mode
# exit                               # Go back to multi-user mode
# shutdown -p now                    # Shutdown and halt the system
# shutdown -r now                    # Reboot

The process init can also be used to reach one of the following state levels. For example # init 6 for reboot.

0   Halt and turn the power off (signal USR2)
1   Go to single-user mode (signal TERM)
6   Reboot the machine (signal INT)
c   Block further logins (signal TSTP)
q   Rescan the ttys(5) file (signal HUP)

1.6 Reset root password

Linux method 1

At the boot loader (lilo or grub), enter the following boot option:

init=/bin/sh

The kernel will mount the root partition and init will start the bourne shell instead of rc and then a runlevel. Use the command passwd at the prompt to change the password and then reboot. Forget the single user mode as you need the password for that.
If, after booting, the root partition is mounted read only, remount it rw:

# mount -o remount,rw /
# passwd                             # or delete the root password (/etc/shadow)
# sync; mount -o remount,ro /        # sync before to remount read only
# reboot

FreeBSD and Linux method 2

FreeBSD won't let you go away with the simple init trick. The solution is to mount the root partition from another OS (like a rescue CD) and change the password on the disk.

• Boot a live CD or installation CD into a rescue mode which will give you a shell.
• Find the root partition with fdisk e.g. fdisk /dev/sda
• Mount it and use chroot:

# mount -o rw /dev/ad4s3a /mnt
# chroot /mnt                        # chroot into /mnt

Page 6: Unix / Linux / BSD Cheat Sheets II

# passwd

# reboot

Alternatively on FreeBSD, boot in single user mode, remount / rw and use passwd.

# mount -u /; mount -a

# will mount / rw

# passwd

# reboot

1.7 Kernel modules

Linux

# lsmod

# List all modules loaded in the kernel

# modprobe isdn

# To load a module (here isdn)

FreeBSD

# kldstat

# List all modules loaded in the kernel

# kldload crypto

# To load a module (here crypto)

1.8 Compile Kernel

Linux

# cd /usr/src/linux

# make mrproper

# Clean everything, including config files

# make oldconfig

# Create a new config file from the current kernel

# make menuconfig

# or xconfig (Qt) or gconfig (GTK)

# make

# Create a compressed kernel image

# make modules

# Compile the modules

# make modules_install

# Install the modules

# make install

# Install the kernel

# reboot

FreeBSD

To modify and rebuild the kernel, copy the generic configuration file to a new name and edit it as needed. It is however also possible to edit the file GENERIC directly.

# cd /usr/src/sys/i386/conf/

# cp GENERIC MYKERNEL

# cd /usr/src

# make buildkernel KERNCONF=MYKERNEL

# make installkernel KERNCONF=MYKERNEL

To rebuild the full OS:

# make buildworld

# Build the full OS but not the kernel

# make buildkernel

# Use KERNCONF as above if appropriate

# make installkernel

# reboot

# mergemaster -p

# Compares only files known to be essential

# make installworld

# mergemaster

# Update all configuration and other files

# reboot

For small changes in the source, sometimes the short version is enough:

# make kernel world

# Compile and install both kernel and OS

# mergemaster

# reboot


# ssh -L 3022:localhost:2022 admin@gate

# forwards client 3022 to gate:2022

Now the admin can connect directly to the client cliuser with:

# ssh -p 3022 admin@localhost

# local:3022 -> gate:2022 -> client:22

Connect to VNC behind NAT

Suppose a Windows client with VNC listening on port 5900 has to be accessed from behind NAT.

On client cliwin to gate:

# ssh -R 15900:localhost:5900 user@gate

On client cliadmin (from host to gate):

# ssh -L 5900:localhost:15900 admin@gate

Now the admin can connect directly to the client VNC with:

# vncconnect -display :0 localhost

6 VPN WITH SSH

As of version 4.3, OpenSSH can use the tun/tap device to encrypt a tunnel. This is very similar to other TLS based VPN solutions like OpenVPN. One advantage with SSH is that there is no need to install and configure additional software. Additionally the tunnel uses the SSH authentication like pre shared keys. The drawback is that the encapsulation is done over TCP which might result in poor performance on a slow link. Also the tunnel is relying on a single (fragile) TCP connection. This technique is very useful for a quick IP based VPN setup. There is no limitation as with the single TCP port forward, all layer 3/4 protocols like ICMP, TCP/UDP, etc. are forwarded over the VPN. In any case, the following options are needed in the sshd_config file:

PermitRootLogin yes

PermitTunnel yes

6.1 Single P2P connection

Here we are connecting two hosts, hclient and hserver with a peer to peer tunnel. The connection is started from hclient to hserver and is done as root. The tunnel end points are 10.0.1.1 (server) and 10.0.1.2 (client) and we create a device tun5 (this could also be an other number). The procedure is very simple:

• Connect with SSH using the tunnel option -w
• Configure the IP addresses of the tunnel. Once on the server and once on the client.

Connect to the server

Connection started on the client and commands are executed on the server.

Server is on Linux

cli># ssh -w5:5 root@hserver
srv># ifconfig tun5 10.0.1.1 netmask 255.255.255.252    # Executed on the server shell

Server is on FreeBSD

cli># ssh -w5:5 root@hserver
srv># ifconfig tun5 10.0.1.1 10.0.1.2                   # Executed on the server shell

Configure the client

Commands executed on the client:


This will connect to gate and forward the local port to the host desthost:destport. Note desthost is the destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. More than one port forward is possible.

Direct forward on the gate

Let's say we want to access the CVS (port 2401) and http (port 80) which are running on the gate. This is the simplest example, desthost is thus localhost, and we use the port 8080 locally instead of 80 so we don't need to be root. Once the ssh session is open, both services are accessible on the local ports.

# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate

Netbios and remote desktop forward to a second server

Let's say a Windows smb server is behind the gate and is not running ssh. We need access to the smb share and also remote desktop to the server.

# ssh -L 139:smbserver:139 -L 3388:smbserver:3389 user@gate

The smb share can now be accessed with \\127.0.0.1\, but only if the local share is disabled, because the local share is listening on port 139.

It is possible to keep the local share enabled, for this we need to create a new virtual device with a new IP address for the tunnel, the smb share will be connected over this address. Furthermore the local RDP is already listening on 3389, so we choose 3388. For this example let's use a virtual IP of 10.1.1.1.

• With putty use Source port=10.1.1.1:139. It is possible to create multiple loop devices and tunnel. On Windows 2000, only putty worked for me.
• With the ssh.com client, disable "Allow local connections only". Since ssh.com will bind to all addresses, only a single share can be connected.

Now create the loopback interface with IP 10.1.1.1:

• # System->Control Panel->Add Hardware # Yes, Hardware is already connected # Add a new hardware device (at bottom).
• # Install the hardware that I manually select # Network adapters # Microsoft, Microsoft Loopback Adapter.
• Configure the IP address of the fake device to 10.1.1.1 mask 255.255.255.0, no gateway.
• advanced->WINS, Enable LMHosts Lookup; Disable NetBIOS over TCP/IP.
• # Enable Client for Microsoft Networks. # Disable File and Printer Sharing for Microsoft Networks.

I HAD to reboot for this to work. Now connect to the smb share with \\10.1.1.1 and remote desktop to 10.1.1.1:3388.

Debug

If it is not working:

• Are the ports forwarded: netstat -an? Look at 0.0.0.0:139 or 10.1.1.1:139
• Does telnet 10.1.1.1 139 connect?
• You need the checkbox "Local ports accept connections from other hosts".
• Is "File and Printer Sharing for Microsoft Networks" disabled on the loopback interface?

Connect two clients behind NAT

Suppose two clients are behind a NAT gateway and client cliadmin has to connect to client cliuser (the destination), both can login to the gate with ssh and are running Linux with sshd. You don't need root access anywhere as long as the ports on gate are above 1024. We use 2022 on gate. Also since the gate is used locally, the option GatewayPorts is not necessary.

On client cliuser (from destination to gate):

# ssh -R 2022:localhost:22 user@gate

# forwards client 22 to gate:2022

On client cliadmin (from host to gate):


2 PROCESSES

Listing | Priority | Background/Foreground | Top | Kill

2.1 Listing and PIDs

Each process has a unique number, the PID. A list of all running process is retrieved with ps.

# ps -auxefw

# Extensive list of all running process

However more typical usage is with a pipe or with pgrep:

# ps axww | grep cron

586 ?? Is 0:01.48 /usr/sbin/cron -s

# pgrep -l sshd

# Find the PIDs of processes by (part of) name

# fuser -va 22/tcp

# List processes using port 22

# fuser -va /home

# List processes accessing the /home partition

# strace df

# Trace system calls and signals

# truss df

# same as above on FreeBSD/Solaris/Unixware

# history | tail -50

# Display the last 50 used commands

2.2 Priority

Change the priority of a running process with renice. Negative numbers have a higher priority, the lowest is -20 and "nice" have a positive value.

# renice -5 586

# Stronger priority

586: old priority 0, new priority -5

Start the process with a defined priority with nice. Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if /usr/bin/nice or the shell built-in is used (check with # which nice).

# nice -n -5 top

# Stronger priority (/usr/bin/nice)

# nice -n 5 top

# Weaker priority (/usr/bin/nice)

# nice +5 top

# tcsh builtin nice (same as above!)

2.3 Background/Foreground

When started from a shell, processes can be brought in the background and back to the foreground with [Ctrl]-[Z] (^Z), bg and fg. For example start two processes, bring them in the background, list the processes with jobs and bring one in the foreground.

# ping cb.vu > ping.log

^Z

# ping is suspended (stopped) with [Ctrl]-[Z]

# bg

# put in background and continues running

# jobs -l

# List processes in background

[1] - 36232 Running ping cb.vu > ping.log

[2] + 36233 Suspended (tty output) top

# fg %2

# Bring process 2 back in foreground

Use nohup to start a process which has to keep running when the shell is closed (immune to hangups).

# nohup ping -i 60 > ping.log &

2.4 Top

The program top displays running information of processes.

# top


While top is running press the key h for a help overview. Useful keys are:

• u [user name] To display only the processes belonging to the user. Use + or blank to see all users
• k [pid] Kill the process with pid.
• 1 To display all processors statistics (Linux only)
• R Toggle normal/reverse sort.

2.5 Signals/Kill

Terminate or send a signal with kill or killall.

# ping -i 60 cb.vu > ping.log &

[1] 4712

# kill -s TERM 4712

# same as kill -15 4712

# killall -1 httpd

# Kill HUP processes by exact name

# pkill -9 http

# Send KILL (signal 9) to processes by (part of) name

# pkill -TERM -u www

# Kill TERM processes owned by www

# fuser -k -TERM -m /home

# Kill every process accessing /home (to umount)

Important signals are:

1     HUP (hang up)
2     INT (interrupt)
3     QUIT (quit)
9     KILL (non-catchable, non-ignorable kill)
15    TERM (software termination signal)

3 FILE SYSTEM

Disk info | Boot | Disk usage | Opened files | Mount/remount | Mount SMB | Mount image | Burn ISO | Create image | Memory disk | Disk performance

3.1 Permissions

Change permission and ownership with chmod and chown. The default umask can be changed for all users in /etc/profile for Linux or /etc/login.conf for FreeBSD. The default umask is usually 022. The umask is subtracted from 777, thus umask 022 results in a permission of 755.

1 --x execute     # Mode 764 = exec/read/write | read/write | read
2 -w- write       # For:       |--  Owner  --|   |- Group-|   |Oth|
4 r-- read
  ugo=a           u=user, g=group, o=others, a=everyone

# chmod [OPTION] MODE[,MODE] FILE

# MODE is of the form [ugoa]*([-+=]([rwxXst]))

# chmod 640 /var/log/maillog

# Restrict the log -rw-r-----

# chmod u=rw,g=r,o= /var/log/maillog

# Same as above

# chmod -R o-r /home/*

# Recursive remove other readable for all users

# chmod u+s /path/to/prog

# Set SUID bit on executable (know what you do!)

# find / -perm -u+s -print

# Find all programs with the SUID bit

# chown user:group /path/to/file

# Change the user and group ownership of a file

# chgrp group /path/to/file

# Change the group ownership of a file

3.2 Disk information

# diskinfo -v /dev/ad2

# information about disk (sector/size) FreeBSD

# hdparm -I /dev/sda

# information about the IDE/ATA disk (Linux)

# fdisk /dev/ad2

# Display and manipulate the partition table

# smartctl -a /dev/ad2

# Display the disk SMART info


Notice: We used a DSA key, RSA is also possible. The key is not protected by a password.

Using putty for Windows

Putty[5] is a simple and free ssh client for Windows.

• Create a key pair with the puTTYgen program.
• Save the public and private keys (for example into C:\Documents and Settings\%USERNAME%\.ssh).
• Copy the public key to the server into the ~/.ssh folder:

# scp .ssh/puttykey.pub [email protected]:.ssh/

• Use the ssh-keygen command on the server to convert the key for OpenSSH:

# cd ~/.ssh

# ssh-keygen -i -f puttykey.pub >> authorized_keys2

• Point the private key location in the putty settings: Connection - SSH - Auth

5.2 Check fingerprint

At the first login, ssh will ask if the unknown host with the fingerprint has to be stored in the known hosts. To avoid a man-in-the-middle attack the administrator of the server can send you the server fingerprint which is then compared on the first login. Use ssh-keygen -l to get the fingerprint (on the server):

# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

# For RSA key

2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub

# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub

# For DSA key (default)

2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub

Now the client connecting to this server can verify that he is connecting to the right server:

# ssh linda

The authenticity of host 'linda (192.168.16.54)' can't be established.

DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.

Are you sure you want to continue connecting (yes/no)? yes
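The comparison described in this section can be scripted. The following is an added example, not part of the original document: it computes the colon-separated MD5 fingerprint from a key line and compares it with the value received from the administrator. The function names and the sample lines (a dummy key blob, not a real host key) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original document.
# Compares a host key with the fingerprint the administrator sent out of band,
# using the colon-separated MD5 format shown in the ssh-keygen -l output.

# Print the MD5 fingerprint of one key line. Accepts a public key file line
# ("type blob [comment]") or a known_hosts style line ("host type blob").
key_fingerprint_md5() {
    kf_blob=$(printf '%s\n' "$1" | awk '
        $1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }   # public key file line
        { print $3; exit }                             # host-prefixed line
    ')
    [ -n "$kf_blob" ] || return 1
    # Refuse blobs that are not valid base64 instead of hashing nothing.
    printf '%s' "$kf_blob" | base64 -d >/dev/null 2>&1 || return 1
    # The fingerprint is the MD5 digest of the decoded key blob.
    printf '%s' "$kf_blob" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Return 0 only when the key line hashes to the expected fingerprint.
# Letter case and an optional "MD5:" prefix in the expected value are ignored.
verify_host_key() {
    vh_actual=$(key_fingerprint_md5 "$1") || return 2
    vh_expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/^md5://')
    [ "$vh_actual" = "$vh_expected" ]
}

# Constructed sample lines: the blob is a dummy value, not a real host key.
SAMPLE_PUB='ssh-rsa aGVsbG8= root@linda'
SAMPLE_SCAN='linda ssh-rsa aGVsbG8='
SAMPLE_FP='5d:41:40:2a:bc:4b:2a:76:b9:71:9d:91:10:17:c5:92'

if verify_host_key "$SAMPLE_SCAN" "$SAMPLE_FP"; then
    echo "fingerprint matches the value from the administrator"
else
    echo "fingerprint MISMATCH, do not accept the key"
fi
```

A real input line would be the content of the server's /etc/ssh/ssh_host_rsa_key.pub or the host's entry in the client's known_hosts file.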

5.3 Secure file transfer

Some simple commands:

# scp file.txt host-two:/tmp

# scp joe@host-two:/www/*.html /www/tmp

# scp -r joe@host-two:/www /www/tmp

In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate. However the implementation is very slow.

Furthermore it is possible to mount a remote folder with sshfs a file system client based on SCP. See fuse sshfs[6].

5.4 Tunneling

SSH tunneling allows to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is (see also ssh and NAT example):

# ssh -L localport:desthost:destport user@gate

# desthost as seen from the gate

# ssh -R destport:desthost:localport user@gate

# forwards your localport to destination

# ssh -X user@gate

# To force X forwarding

5. http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
6. http://fuse.sourceforge.net/sshfs.html


# ipfw list

# rules status

# ipfw pipe list

# pipe status

# ipfw flush

# deletes all rules but default

4.13 NIS Debugging

Some commands which should work on a well configured NIS client:

# ypwhich

# get the connected NIS server name

# domainname

# The NIS domain name as configured

# ypcat group

# should display the group from the NIS server

# cd /var/yp && make

# Rebuild the yp database

Is ypbind running?

# ps auxww | grep ypbind

/usr/sbin/ypbind -s -m -S servername1,servername2

# FreeBSD

/usr/sbin/ypbind

# Linux

# yppoll passwd.byname

Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007

The master server is servername.domain.net.

Linux

# cat /etc/yp.conf

ypserver servername

domain domain.net broadcast

5 SSH SCP

Public key | Fingerprint | SCP | Tunneling

5.1 Public key authentication

Connect to a host without password using public key authentication. The idea is to append your public key to the authorized_keys2 file on the remote host. For this example let's connect host-client to host-server, the key is generated on the client.

• Use ssh-keygen to generate a key pair. ~/.ssh/id_dsa is the private key, ~/.ssh/id_dsa.pub is the public key.
• Copy only the public key to the server and append it to the file ~/.ssh/authorized_keys2 on your home on the server.

# ssh-keygen -t dsa -N ''

# cat ~/.ssh/id_dsa.pub | ssh you@host-server "cat - >> ~/.ssh/authorized_keys2"

Using the Windows client from ssh.com

The non commercial version of the ssh.com client can be downloaded from the main ftp site: ftp.ssh.com/pub/ssh/. Keys generated by the ssh.com client need to be converted for the OpenSSH server. This can be done with the ssh-keygen command.

• Create a key pair with the ssh.com client: Settings - User Authentication - Generate New....
• I use Key type DSA; key length 2048.
• Copy the public key generated by the ssh.com client to the server into the ~/.ssh folder.
• The keys are in C:\Documents and Settings\%USERNAME%\Application Data\SSH\UserKeys.
• Use the ssh-keygen command on the server to convert the key:

# cd ~/.ssh

# ssh-keygen -i -f keyfilename.pub >> authorized_keys2


3.3 Boot

FreeBSD

To boot an old kernel if the new kernel doesn't boot, stop the boot during the countdown.

# unload

# load kernel.old

# boot

3.4 System mount points/Disk usage

# mount | column -t

# Show mounted file-systems on the system

# df

# display free disk space and mounted devices

# cat /proc/partitions

# Show all registered partitions (Linux)

Disk usage

# du -sh *

# Directory sizes as listing

# du -csh

# Total directory size of the current directory

# du -ks * | sort -n -r

# Sort everything by size in kilobytes

# ls -lSr

# Show files, biggest last

3.5 Who has which files opened

This is useful to find out which file is blocking a partition which has to be unmounted and gives a typical error of:

# umount /home/
umount: unmount of /home failed: Device busy    # umount impossible because a file is locking home

FreeBSD and most Unixes

# fstat -f /home

# for a mount point

# fstat -p PID

# for an application with PID

# fstat -u user

# for a user name

Find opened log file (or other opened files), say for Xorg:

# ps ax | grep Xorg | awk '{print $1}'

1252

# fstat -p 1252

USER CMD PID FD MOUNT INUM MODE SZ|DV R/W

root Xorg 1252 root / 2 drwxr-xr-x 512 r

root Xorg 1252 text /usr 216016 -rws--x--x 1679848 r

root Xorg 1252 0 /var 212042 -rw-r--r-- 56987 w

The file with inum 212042 is the only file in /var:

# find -x /var -inum 212042

/var/log/Xorg.0.log

Linux

Find opened files on a mount point with fuser or lsof:

# fuser -m /home

# List processes accessing /home

# lsof /home

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

tcsh 29029 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)

lsof 29140 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)


About an application:

# ps ax | grep Xorg | awk '{print $1}'

3324

# lsof -p 3324

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log

About a single file:

# lsof /var/log/Xorg.0.log

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log

3.6 Mount/remount a file system

For example the cdrom. If listed in /etc/fstab:

# mount /cdrom

Or find the device in /dev/ or with dmesg

FreeBSD

# mount -v -t cd9660 /dev/cd0c /mnt

# cdrom

# mount_cd9660 /dev/wcd0c /cdrom

# other method

# mount -v -t msdos /dev/fd0c /mnt

# floppy

Entry in /etc/fstab:

# Device Mountpoint FStype Options Dump Pass#

/dev/acd0 /cdrom cd9660 ro,noauto 0 0

To let users do it:

# sysctl vfs.usermount=1

# Or insert the line "vfs.usermount=1" in /etc/sysctl.conf

Linux

# mount -t auto /dev/cdrom /mnt/cdrom

# typical cdrom mount command

# mount /dev/hdc -t iso9660 -r /cdrom

# typical IDE

# mount /dev/sdc0 -t iso9660 -r /cdrom

# typical SCSI

Entry in /etc/fstab:

/dev/cdrom /media/cdrom subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec 0 0

Mount a FreeBSD partition with Linux

Find the FreeBSD partition number with fdisk, this is usually the root partition, but it could be another BSD slice too. If the FreeBSD has many slices, they are the ones not listed in the fdisk table, but visible in /dev/sda* or /dev/hda*.

# fdisk /dev/sda

# Find the FreeBSD partition

/dev/sda3 * 5357 7905 20474842+ a5 FreeBSD

# mount -t ufs -o ufstype=ufs2,ro /dev/sda3 /mnt

/dev/sda10 = /tmp; /dev/sda11 /usr

# The other slices

Remount

Remount a device without unmounting it. Necessary for fsck for example

# mount -o remount,ro /

# Linux

# mount -o ro /

# FreeBSD

Copy the raw data from a cdrom into an iso image:

# dd if=/dev/cd0c of=file.iso


Linux

For a 512 Kbit upload modem.

# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540

# tc -s qdisc ls dev eth0

# Status

# tc qdisc del dev eth0 root

# Delete the queue

# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540

FreeBSD

FreeBSD uses the dummynet traffic shaper which is configured with ipfw. Pipes are used to limit the bandwidth in units of [K|M]{bit/s|Byte/s}, 0 means unlimited bandwidth. Using the same pipe number will reconfigure it. For example limit the upload bandwidth to 500 Kbit.

# kldload dummynet

# load the module if necessary

# ipfw pipe 1 config bw 500Kbit/s

# create a pipe with limited bandwidth

# ipfw add pipe 1 ip from me to any

# divert the full upload into the pipe

Quality of service

Linux

Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0 (could also be ppp0 or so). The following commands define the QoS to three queues and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set). The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2.

# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0

# tc qdisc add dev eth0 parent 1:1 handle 10: sfq

# tc qdisc add dev eth0 parent 1:2 handle 20: sfq

# tc qdisc add dev eth0 parent 1:3 handle 30: sfq

# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \

match ip dport 10000 0x3C00 flowid 1:1

# use server port range

match ip dst 123.23.0.1 flowid 1:1

# or/and use server IP

Status and remove with

# tc -s qdisc ls dev eth0

# queue status

# tc qdisc del dev eth0 root

# delete all QoS

Calculate port range and mask

The tc filter defines the port range with port and mask which you have to calculate. Find the 2^N ending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 -> 11024, the range is 1024.

# 2^13 (8192) < 10000 < 2^14 (16384)

# ending is 2^14 = 16384

# echo "obase=16;(2^14)-1024" | bc

# mask is 0x3C00
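An added example, not part of the original document, for checking a port/mask pair before loading it into a filter: the first function lists the destination ports a given pair selects, the second splits an arbitrary port range into aligned pairs. It assumes that u32 selects a packet when (dport & mask) equals (value & mask); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original document.
# Assumption: "match ip dport VALUE MASK" selects a packet when
# (dport & MASK) == (VALUE & MASK), with ports being 16-bit numbers.

# Print each contiguous port interval selected by VALUE/MASK as "lo-hi".
u32_port_ranges() {
    upr_mask=$(( $2 & 0xFFFF ))
    upr_want=$(( $1 & upr_mask ))
    upr_start=-1
    upr_p=0
    while [ "$upr_p" -le 65535 ]; do
        if [ $(( upr_p & upr_mask )) -eq "$upr_want" ]; then
            # Inside a selected interval: remember where it began.
            if [ "$upr_start" -lt 0 ]; then upr_start=$upr_p; fi
        elif [ "$upr_start" -ge 0 ]; then
            # First port after an interval: print it and reset.
            echo "$upr_start-$(( upr_p - 1 ))"
            upr_start=-1
        fi
        upr_p=$(( upr_p + 1 ))
    done
    if [ "$upr_start" -ge 0 ]; then echo "$upr_start-65535"; fi
    return 0
}

# Split the inclusive range LO..HI into aligned power-of-two blocks and
# print one "VALUE 0xMASK" pair per block (same idea as CIDR aggregation).
range_to_u32() {
    r_lo=$1
    r_hi=$2
    while [ "$r_lo" -le "$r_hi" ]; do
        r_size=1
        # Double the block while it stays aligned on r_lo and inside the range.
        while [ "$r_size" -lt 65536 ] &&
              [ $(( r_lo & (r_size * 2 - 1) )) -eq 0 ] &&
              [ $(( r_lo + r_size * 2 - 1 )) -le "$r_hi" ]; do
            r_size=$(( r_size * 2 ))
        done
        printf '%d 0x%04X\n' "$r_lo" $(( ~(r_size - 1) & 0xFFFF ))
        r_lo=$(( r_lo + r_size ))
    done
}

echo "Ports selected by dport 10000 0x3C00:"
u32_port_ranges 10000 0x3C00
echo "Value/mask pairs covering exactly 10000-11024:"
range_to_u32 10000 11024
```

Each printed pair goes into its own match ip dport VALUE MASK filter.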

FreeBSD

The max link bandwidth is 500Kbit/s and we define 3 queues with priority 100:10:1 for VoIP:ssh:all the rest.

# ipfw pipe 1 config bw 500Kbit/s

# ipfw queue 1 config pipe 1 weight 100

# ipfw queue 2 config pipe 1 weight 10

# ipfw queue 3 config pipe 1 weight 1

# ipfw add 10 queue 1 proto udp dst-port 10000-11024

# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1

# or/and use server IP

# ipfw add 20 queue 2 dst-port ssh

# ipfw add 30 queue 3 from me to any

# all the rest

Status and remove with


# ipconfig /renew

# renew all adapters

# ipconfig /renew LAN

# renew the adapter named "LAN"

# ipconfig /release WLAN

# release the adapter named "WLAN"

Yes it is a good idea to rename your adapter with simple names!

4.11 Traffic analysis

Bmon[3] is a small console bandwidth monitor and can display the flow on different interfaces.

Sniff with tcpdump

# tcpdump -nl -i bge0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)

# tcpdump -l > dump && tail -f dump

# Buffered output

# tcpdump -i rl0 -w traffic.rl0

# Write traffic in binary file

# tcpdump -r traffic.rl0

# Read from file (also for ethereal)

# tcpdump port 80

# The two classic commands

# tcpdump host google.com

# tcpdump -i eth0 -X port \(110 or 143\)

# Check if pop or imap is secure

# tcpdump -n -i eth0 icmp

# Only catch pings

# tcpdump -i eth0 -s 0 -A port 80 | grep GET

# -s 0 for full packet -A for ASCII

Additional important options:

-A    Print each packets in clear text (without header)
-X    Print packets in hex and ASCII
-l    Make stdout line buffered
-D    Print all interfaces available

On Windows use windump from www.winpcap.org. Use windump -D to list the interfaces.

Scan with nmap

Nmap[4] is a port scanner with OS detection, it is usually installed on most distributions and is also available for Windows. If you don't scan your servers, hackers do it for you...

# nmap cb.vu

# scans all reserved TCP ports on the host

# nmap -sP 192.168.16.0/24

# Find out which IP are used and by which host on 0/24

# nmap -sS -sV -O cb.vu

# Do a stealth SYN scan with version and OS detection

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 3.8.1p1 FreeBSD-20060930 (protocol 2.0)

25/tcp open smtp Sendmail smtpd 8.13.6/8.13.6

80/tcp open http Apache httpd 2.0.59 ((FreeBSD) DAV/2 PHP/4.

[...]

Running: FreeBSD 5.X

Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)

4.12 Traffic control (QoS)

Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network. The following examples are simple practical uses of the Linux and FreeBSD capabilities to better use the available bandwidth.

Limit upload

DSL or cable modems have a long queue to improve the upload throughput. However filling the queue with a fast device (e.g. ethernet) will dramatically decrease the interactivity. It is therefore useful to limit the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.

3. http://people.suug.ch/~tgr/bmon/
4. http://insecure.org/nmap/


3.7 Mount an SMB share

Suppose we want to access the SMB share myshare on the computer smbserver, the address as typed on a Windows PC is \\smbserver\myshare\. We mount on /mnt/smbshare. Warning> cifs wants an IP or DNS name, not a Windows name.

Linux

# smbclient -U user -I 192.168.16.229 -L //smbshare/

# List the shares

# mount -t smbfs -o username=winuser //smbserver/myshare /mnt/smbshare

# mount -t cifs -o username=winuser,password=winpwd //192.168.16.229/myshare /mnt/share

Additionally with the package mount.cifs it is possible to store the credentials in a file, for example /home/user/.smb:

username=winuser

password=winpwd

And mount as follows:

# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare

FreeBSD

Use -I to give the IP (or DNS name); smbserver is the Windows name.

# smbutil view -I 192.168.16.229 //winuser@smbserver

# List the shares

# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare

3.8 Mount an image

Linux loop-back

# mount -t iso9660 -o loop file.iso /mnt

# Mount a CD image

# mount -t ext3 -o loop file.img /mnt

# Mount an image with ext3 fs

FreeBSD

With memory device (do # kldload md.ko if necessary):

# mdconfig -a -t vnode -f file.iso -u 0

# mount -t cd9660 /dev/md0 /mnt

# umount /mnt; mdconfig -d -u 0

# Cleanup the md device

Or with virtual node:

# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt

# umount /mnt; vnconfig -u /dev/vn0c

# Cleanup the vn device

Solaris and FreeBSD

with loop-back file interface or lofi:

# lofiadm -a file.iso

# mount -F hsfs -o ro /dev/lofi/1 /mnt

# umount /mnt; lofiadm -d /dev/lofi/1

# Cleanup the lofi device

3.9 Create and burn an ISO image

This will copy the cd or DVD sector for sector. Without conv=notrunc, the image will be smaller if there is less content on the cd. See below and the dd examples (page 38).

# dd if=/dev/hdc of=/tmp/mycd.iso bs=2048 conv=notrunc


Use mkisofs to create a CD/DVD image from files in a directory. To overcome the file names restrictions: -r enables the Rock Ridge extensions common to UNIX systems, -J enables Joliet extensions used by Microsoft systems. -L allows ISO9660 filenames to begin with a period.

# mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir

On FreeBSD, mkisofs is found in the ports in sysutils/cdrtools.

Burn a CD/DVD ISO image

FreeBSD

FreeBSD does not enable DMA on ATAPI drives by default. DMA is enabled with the sysctl command and the arguments below, or with /boot/loader.conf with the following entries:

hw.ata.ata_dma="1"

hw.ata.atapi_dma="1"

Use burncd with an ATAPI device (burncd is part of the base system) and cdrecord (in sysutils/cdrtools) with a SCSI drive.

# burncd -f /dev/acd0 data imagefile.iso fixate

# For ATAPI drive

# cdrecord -scanbus

# To find the burner device (like 1,0,0)

# cdrecord dev=1,0,0 imagefile.iso

Linux

Also use cdrecord with Linux as described above. Additionally it is possible to use the native ATAPI interface which is found with:

# cdrecord dev=ATAPI -scanbus

And burn the CD/DVD as above.

Convert a Nero .nrg file to .iso

Nero simply adds a 300Kb header to a normal iso image. This can be trimmed with dd.

# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300

Convert a bin/cue image to .iso

The little bchunk program [2] can do this. It is in the FreeBSD ports in sysutils/bchunk.

# bchunk imagefile.bin imagefile.cue imagefile.iso

3.10 Create a file based image

For example a partition of 1GB using the file /usr/vdisk.img.

FreeBSD

# dd if=/dev/random of=/usr/vdisk.img bs=1K count=1M

# mdconfig -a -t vnode -f /usr/vdisk.img -u 1

# Creates device /dev/md1

# bsdlabel -w /dev/md1

# newfs /dev/md1c

# mount /dev/md1c /mnt

# umount /mnt; mdconfig -d -u 1; rm /usr/vdisk.img

# Cleanup the md device

Linux

# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024

# mkfs.ext3 /usr/vdisk.img

2. http://freshmeat.net/projects/bchunk/


The program host is also powerful.

# host -t MX cb.vu

# Get the mail MX entry

# host -t NS -T sun.com

# Get the NS record over a TCP connection

# host -a sleepyowl.net

# Get everything

Reverse queries

Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:

# dig -x 78.31.70.238

# host 78.31.70.238

# nslookup 78.31.70.238

/etc/hosts

Single hosts can be configured in the file /etc/hosts instead of running named locally to resolve the hostname queries. The format is simple, for example:

78.31.70.238 sleepyowl.net sleepyowl

The priority between hosts and a dns query, that is the name resolution order, can be configured in /etc/nsswitch.conf AND /etc/host.conf. The file also exists on Windows, it is usually in:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

4.10 DHCP

Linux

Some distributions (SuSE) use dhcpcd as client. The default interface is eth0.

# dhcpcd -n eth0

# Trigger a renew

# dhcpcd -k eth0

# release and shutdown

The lease with the full information is stored in:

/var/lib/dhcpcd/dhcpcd-eth0.info

FreeBSD

FreeBSD (and Debian) uses dhclient. To configure an interface (for example bge0) run:

# dhclient bge0

The lease with the full information is stored in:

/var/db/dhclient.leases.bge0

Use /etc/dhclient.conf to prepend options or force different options:

# cat /etc/dhclient.conf

interface "rl0" {

prepend domain-name-servers 127.0.0.1;

default domain-name "sleepyowl.net";

supersede domain-name "sleepyowl.net";

}

Windows

The dhcp lease can be renewed with ipconfig:


# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT \

--to 192.168.16.254:993:995

# Port forward of range 993-995

# ip route flush cache

# iptables -L -t nat

# Check NAT status

Delete the port forward with -D instead of -A.

FreeBSD

# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0

Or edit /etc/rc.conf with:

firewall_enable="YES"

# Set to YES to enable firewall functionality

firewall_type="open"

# Firewall type (see /etc/rc.firewall)

natd_enable="YES"

# Enable natd (if firewall_enable == YES).

natd_interface="tun0"

# Public interface or IP address to use.

natd_flags="-s -m -u -dynamic -f /etc/natd.conf"

Port forward with:

# cat /etc/natd.conf

same_ports yes

use_sockets yes

unregistered_only

# redirect_port tcp insideIP:2300-2399 3300-3399

# port range

redirect_port udp 192.168.51.103:7777 7777

4.9 DNS

On Unix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf. The domain to which the host belongs is also stored in this file. A minimal configuration is:

nameserver 78.31.70.238

search sleepyowl.net intern.lab

domain sleepyowl.net

Check the system domain name with:

# hostname -d

# Same as dnsdomainname

Windows

On Windows the DNS are configured per interface. To display the configured DNS and to flush the DNS cache use:

# ipconfig /?

# Display help

# ipconfig /all

# See all information including DNS

# ipconfig /flushdns

# Flush the DNS cache

Forward queries

Dig is your friend to test the DNS settings. For example the public DNS server 213.133.105.2 ns.second-ns.de can be used for testing. See from which server the client receives the answer (simplified answer).

# dig sleepyowl.net

sleepyowl.net. 600 IN A 78.31.70.238

;; SERVER: 192.168.51.254#53(192.168.51.254)

The router 192.168.51.254 answered and the response is the A entry. Any entry can be queried and the DNS server can be selected with @:

# dig MX google.com

# dig @127.0.0.1 NS sun.com

# To test the local server

# dig @204.97.212.10 NS MX heise.de

# Query an external server

# dig AXFR @ns1.xname.org cb.vu

# Get the full zone (zone transfer)


# mount -o loop /usr/vdisk.img /mnt

# umount /mnt; rm /usr/vdisk.img

# Cleanup

Linux with losetup

/dev/zero is much faster than urandom, but less secure for encryption.

# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024

# losetup /dev/loop0 /usr/vdisk.img

# Creates and associates /dev/loop0

# mkfs.ext3 /dev/loop0

# mount /dev/loop0 /mnt

# losetup -a

# Check used loops

# umount /mnt

# losetup -d /dev/loop0

# Detach

# rm /usr/vdisk.img

3.11 Create a memory file system

A memory based file system is very fast for heavy IO application. How to create a 64 MB partition mounted on /memdisk:

FreeBSD

# mount_mfs -o rw -s 64M md /memdisk

# umount /memdisk; mdconfig -d -u 0

# Cleanup the md device

md /memdisk mfs rw,-s64M 0 0

# /etc/fstab entry

Linux

# mount -t tmpfs -osize=64m tmpfs /memdisk

3.12 Disk performance

Read and write a 1 GB file on partition ad4s3c (/home)

# time dd if=/dev/ad4s3c of=/dev/null bs=1024k count=1000

# time dd if=/dev/zero bs=1024k count=1000 of=/home/1Gb.file

# hdparm -tT /dev/hda

# Linux only

4 NETWORK

Routing | Additional IP | Change MAC | Ports | Firewall | IP Forward | NAT | DNS | DHCP | Traffic | QoS | NIS

4.1 Debugging (See also Traffic analysis) (page 18)

# mii-diag eth0

# Show the link status (Linux)

# ifconfig fxp0

# Check the "media" field on FreeBSD

# arp -a

# Check the router (or host) ARP entry (all OS)

# ping cb.vu

# The first thing to try...

# traceroute cb.vu

# Print the route path to destination

# mii-diag -F 100baseTx-FD eth0

# Force 100Mbit Full duplex (Linux)

# ifconfig fxp0 media 100baseTX mediaopt full-duplex

# Same for FreeBSD

# netstat -s

# System-wide statistics for each network protocol


4.2 Routing

Print routing table

# route -n

# Linux

# netstat -rn

# Linux, BSD and UNIX

# route print

# Windows

Add and delete a route

FreeBSD

# route add 212.117.0.0/16 192.168.1.1

# route delete 212.117.0.0/16

# route add default 192.168.1.1

Add the route permanently in /etc/rc.conf

static_routes="myroute"

route_myroute="-net 212.117.0.0/16 192.168.1.1"

Linux

# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254

# ip route add 192.168.20.0/24 via 192.168.16.254

# same as above with ip route

# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0

# route add default gw 192.168.51.254

# ip route add default via 192.168.51.254

# same as above with ip route

# route delete -net 192.168.20.0 netmask 255.255.255.0

Windows

# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253

# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254

Use add -p to make the route persistent.

4.3 Configure additional IP addresses

Linux

# ifconfig eth0 192.168.50.254 netmask 255.255.255.0

# First IP

# ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0

# Second IP

FreeBSD

# ifconfig fxp0 inet 192.168.50.254/24

# First IP

# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0

# Second IP

Permanent entries in /etc/rc.conf

ifconfig_fxp0="inet 192.168.50.254 netmask 255.255.255.0"

ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0"

4.4 Change MAC address

# ifconfig eth0 hw ether 00:01:02:03:04:05

# Linux

# ifconfig fxp0 link 00:01:02:03:04:05

# FreeBSD

4.5 Ports in use

Listening open ports:


# netstat -an | grep LISTEN

# lsof -i

# Linux list all Internet connections

# socklist

# Linux display list of open sockets

# sockstat -4

# FreeBSD application listing

# netstat -anp --udp --tcp | grep LISTEN

# Linux

# netstat -tup

# List active connections to/from system (Linux)

# netstat -tupl

# List listening ports from system (Linux)

# netstat -ano

# Windows

4.6 Firewall

Check if a firewall is running (typical configuration only):

Linux

# iptables -L -n -v

# For status

Open the iptables firewall

# iptables -Z

# Zero the packet and byte counters in all chains

# iptables -F

# Flush all chains

# iptables -X

# Delete all chains

# iptables -P INPUT ACCEPT

# Open everything

# iptables -P FORWARD ACCEPT

# iptables -P OUTPUT ACCEPT

FreeBSD

# ipfw show

# For status

# ipfw list 65535

# if answer is "65535 deny ip from any to any" the fw is disabled

# sysctl net.inet.ip.fw.enable=0

# Disable

# sysctl net.inet.ip.fw.enable=1

# Enable

4.7 IP Forward for routing

Linux

Check and then enable IP forward with:

# cat /proc/sys/net/ipv4/ip_forward

# Check IP forward 0=off, 1=on

# echo 1 > /proc/sys/net/ipv4/ip_forward

or edit /etc/sysctl.conf with:

net.ipv4.ip_forward = 1

FreeBSD

Check and enable with:

# sysctl net.inet.ip.forwarding

# Check IP forward 0=off, 1=on

# sysctl net.inet.ip.forwarding=1

# sysctl net.inet.ip.fastforwarding=1

# For dedicated router or firewall

Permanent with entry in /etc/rc.conf:

gateway_enable="YES"

# Set to YES if this host will be a gateway.

4.8 NAT Network Address Translation

Linux

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# to activate NAT

# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT \

--to 192.168.16.44:22

# Port forward 20022 to internal IP port ssh


21.4 Some useful commands

sort -t. -k1,1n -k2,2n -k3,3n -k4,4n

# Sort IPv4 ip addresses

echo 'Test' | tr '[:lower:]' '[:upper:]'

# Case conversion

echo foo.bar | cut -d . -f 1

# Returns foo

PID=$(ps | grep script.sh | grep bin | awk '{print $1}')

# PID of a running script

PID=$(ps axww | grep [p]ing | awk '{print $1}')

# PID of ping (w/o grep pid)

IP=$(ifconfig $INTERFACE | sed '/.*inet addr:/!d;s///;s/ .*//')

# Linux

IP=$(ifconfig $INTERFACE | sed '/.*inet /!d;s///;s/ .*//')

# FreeBSD

if [ `diff file1 file2 | wc -l` != 0 ]; then [...] fi

# File changed?

# Create http passwd
cat /etc/master.passwd | grep -v root | grep -v \*: | awk -F":" \
'{ printf("%s:%s\n", $1, $2) }' > /usr/local/etc/apache2/passwd

# Check user in passwd
testuser=$(cat /usr/local/etc/apache2/passwd | grep -v \
root | grep -v \*: | awk -F":" '{ printf("%s\n", $1) }' | grep ^user$)

22 PROGRAMMING

22.1 C basics

strcpy(newstr,str)

/* copy str to newstr */

expr1 ? expr2 : expr3

/* if (expr1) expr2 else expr3 */

x = (y > z) ? y : z;

/* if (y > z) x = y; else x = z; */

int a[]={0,1,2};

/* Initialized array (or a[3]={0,1,2}; */

int a[2][3]={{1,2,3},{4,5,6}};

/* Array of array of ints */

int i = 12345;

/* Convert int i to char str */

char str[10];

sprintf(str, "%d", i);

22.2 C example

A minimal c program simple.c:

#include <stdio.h>

int main() {
    int number=42;
    printf("The answer is %i\n", number);
    return 0;
}

Compile with:

# gcc simple.c -o simple

# ./simple

The answer is 42

22.3 C++ basics

*pointer

// Object pointed to by pointer

&obj

// Address of object obj

obj.x

// Member x of class obj (object obj)

pobj->x

// Member x of class pointed to by pobj

// (*pobj).x and pobj->x are the same

22.4 C++ example

As a slightly more realistic program in C++, let's create a class in its own header (IPv4.h) and implementation (IPv4.cpp) and create a program which uses the class functionality. The class


User_Alias ADMINS = colin, luca, admin

User_Alias DEVEL = joe, jack, julia

Runas_Alias DBA = oracle,pgsql

# Command aliases define the full path of a list of commands

Cmnd_Alias SYSTEM = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/

Cmnd_Alias PW = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

# Not root pwd!

Cmnd_Alias DEBUG = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap

# The actual rules

root,ADMINS ALL = (ALL) NOPASSWD: ALL

# ADMINS can do anything w/o a password.

DEVEL DESKTOP = (ALL) NOPASSWD: ALL

# Developers have full right on desktops

DEVEL DMZ = (ALL) NOPASSWD: DEBUG

# Developers can debug the DMZ servers.

# User sysadmin can mess around in the DMZ servers with some commands.

sysadmin DMZ = (ALL) NOPASSWD: SYSTEM,PW,DEBUG

sysadmin ALL,!DMZ = (ALL) NOPASSWD: ALL

# Can do anything outside the DMZ.

%dba ALL = (DBA) ALL

# Group dba can run as database user.

# anyone can mount/unmount a cd-rom on the desktop machines

ALL DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom

9 ENCRYPT FILES

9.1 A single file

Encrypt and decrypt:

# openssl des -salt -in file -out file.des

# openssl des -d -salt -in file.des -out file

Note that the file can of course be a tar archive.

9.2 tar and encrypt a whole directory

# tar -cf - directory | openssl des -salt -out directory.tar.des

# Encrypt

# openssl des -d -salt -in directory.tar.des | tar -x

# Decrypt

9.3 tar zip and encrypt a whole directory

# tar -zcf - directory | openssl des -salt -out directory.tar.gz.des

# Encrypt

# openssl des -d -salt -in directory.tar.gz.des | tar -xz

# Decrypt

• Use -k mysecretpassword after des to avoid the interactive password request. However note that this is highly insecure.

• Use des3 instead of des to get even stronger encryption (Triple-DES Cipher). This uses also more CPU.
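An added example, not part of the original document: the tar-and-encrypt pipeline from 9.2 with the passphrase read from a file that only its owner may access, so it never appears on the command line as it does with -k. It assumes an OpenSSL that supports -pbkdf2 (1.1.1 or later) and uses aes-256-cbc in place of des; the function names and file names are made up for the illustration.

```shell
#!/bin/sh
# Added example: tar + encrypt a directory without putting the passphrase
# on the command line. Function and file names are hypothetical.

# check_passfile FILE
# Succeeds only if FILE is non-empty and neither group nor others can
# read or write it.
check_passfile() {
    [ -s "$1" ] || return 1
    # find prints the name only when one of the loose permission bits is set
    loose=$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))
    [ -z "$loose" ]
}

# encrypt_dir DIR OUTFILE PASSFILE
# Same pipeline as in 9.2; the plaintext archive never touches the disk.
encrypt_dir() {
    check_passfile "$3" || { echo "refusing passphrase file: $3" >&2; return 2; }
    tar -cf - -C "$(dirname "$1")" "$(basename "$1")" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -out "$2"
}

# decrypt_dir INFILE DESTDIR PASSFILE
# CBC mode carries no authentication tag. The first pass decrypts to
# /dev/null so that a wrong passphrase (bad padding) is reported before
# anything is handed to tar; the second pass does the real extraction.
decrypt_dir() {
    check_passfile "$3" || { echo "refusing passphrase file: $3" >&2; return 2; }
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" \
        -in "$1" -out /dev/null 2>/dev/null || return 3
    mkdir -p "$2" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" 2>/dev/null |
        tar -xf - -C "$2"
}

# Usage:
#   umask 077; printf '%s\n' 'long random passphrase' > ~/.backup.pass
#   encrypt_dir ./directory directory.tar.enc ~/.backup.pass
#   decrypt_dir directory.tar.enc ./restored ~/.backup.pass
```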

10 ENCRYPT PARTITIONS

Linux with LUKS | Linux dm-crypt only | FreeBSD GELI | FBSD pwd only

There are (many) other alternative methods to encrypt disks, I only show here the methods I know and use. Keep in mind that the security is only good as long as the OS has not been tampered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached and will not prevent an intruder to have access to it in this state.


10.1 Linux

Those instructions use the Linux dm-crypt (device-mapper) facility available on the 2.6 kernel. In this example, let's encrypt the partition /dev/sdc1, it could be however any other partition or disk, or USB or a file based partition created with losetup. In this case we would use /dev/loop0. See file image partition. The device mapper uses labels to identify a partition. We use sdc1 in this example, but it could be any string.

dm-crypt with LUKS

LUKS with dm-crypt has better encryption and makes it possible to have multiple passphrases for the same partition or to change the password easily. To test if LUKS is available, simply type # cryptsetup --help, if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partition if necessary: fdisk /dev/sdc.

Create encrypted partition

# dd if=/dev/urandom of=/dev/sdc1

# Optional. For paranoids only (takes days)

# cryptsetup -y luksFormat /dev/sdc1

# This destroys any data on sdc1

# cryptsetup luksOpen /dev/sdc1 sdc1

# mkfs.ext3 /dev/mapper/sdc1

# create ext3 file system

# mount -t ext3 /dev/mapper/sdc1 /mnt

# umount /mnt

# cryptsetup luksClose sdc1

# Detach the encrypted partition

Attach

# cryptsetup luksOpen /dev/sdc1 sdc1

# mount -t ext3 /dev/mapper/sdc1 /mnt

Detach

# umount /mnt

# cryptsetup luksClose sdc1

dm-crypt without LUKS

# cryptsetup -y create sdc1 /dev/sdc1

# or any other partition like /dev/loop0

# dmsetup ls

# check it, will display: sdc1 (254, 0)

# mkfs.ext3 /dev/mapper/sdc1

# This is done only the first time!

# mount -t ext3 /dev/mapper/sdc1 /mnt

# umount /mnt/

# cryptsetup remove sdc1

# Detach the encrypted partition

Do exactly the same (without the mkfs part!) to re-attach the partition. If the password is not correct, the mount command will fail. In this case simply remove the map sdc1 (cryptsetup remove sdc1) and create it again.

10.2 FreeBSD

The two popular FreeBSD disk encryption modules are gbde and geli. I now use geli because it is faster and also uses the crypto device for hardware acceleration. See The FreeBSD handbook Chapter 18.6 [8] for all the details. The geli module must be loaded or compiled into the kernel:

options GEOM_ELI

device crypto

# or as module:

# echo 'geom_eli_load="YES"' >> /boot/loader.conf

# or do: kldload geom_eli

8. http://www.freebsd.org/handbook/disks-encrypting.html


echo $count
sleep 1
count=$(($count + 1))
done

myfunction() {
find . -type f -name "*.$1" -print
# $1 is first argument of the function
}
myfunction "txt"

Generate a file

MYHOME=/home/colin
cat > testhome.sh << _EOF
# All of this goes into the file testhome.sh
if [ -d "$MYHOME" ] ; then
echo $MYHOME exists
else
echo $MYHOME does not exist
fi
_EOF
sh testhome.sh

21.2 Bourne script example

As a small example, the script used to create a PDF booklet from this xhtml document:

#!/bin/sh
# This script creates a book in pdf format ready to print on a duplex printer
if [ $# -ne 1 ]; then                # Check the argument
    echo 1>&2 "Usage: $0 HtmlFile"
    exit 1                           # non zero exit if error
fi

file=$1                              # Assign the filename
fname=${file%.*}                     # Get the name of the file only
fext=${file#*.}                      # Get the extension of the file

prince "$file" -o "$fname.pdf"       # from www.princexml.com
pdftops -paper A4 -noshrink "$fname.pdf" "$fname.ps"
# create postscript booklet
cat "$fname.ps" |psbook|psnup -Pa4 -2 |pstops -b "2:0,1U(21cm,29.7cm)" > "$fname.book.ps"

ps2pdf13 -sPAPERSIZE=a4 -sAutoRotatePages=None "$fname.book.ps" "$fname.book.pdf"
# use #a4 and #None on Windows!
exit 0                               # exit 0 means successful

21.3 Some sed commands

sed 's/string1/string2/g'

# Replace string1 with string2

sed -i 's/wroong/wrong/g' *.txt

# Replace a recurring word with g

sed 's/\(.*\)1/\12/g'

# Modify anystring1 to anystring2

sed '/<p>/,/<\/p>/d' t.xhtml

# Delete lines that start with <p>

# and end with </p>

sed '/ *#/d; /^ *$/d'

# Remove comments and blank lines

sed 's/[ \t]*$//'

# Remove trailing spaces (use tab as \t)

sed 's/^[ \t]*//;s/[ \t]*$//'

# Remove leading and trailing spaces

sed 's/[^*]/[&]/'

# Enclose first char with [] top->[t]op


M-b   Move cursor back one word
M-f   Move cursor forward one word
M-d   Cut the next word
C-w   Cut the last word
C-u   Cut everything before the cursor
C-k   Cut everything after the cursor (rest of the line)
C-y   Paste the last thing to be cut (simply paste)
C-_   Undo

Note: C- = hold control, M- = hold meta (which is usually the alt or escape key).

21 SCRIPTING

Basics | Script example | sed/useful commands

The Bourne shell (/bin/sh) is present on all Unix installations and scripts written in this language are (quite) portable; man 1 sh is a good reference.

21.1 Basics

Variables and arguments

Assign with variable=value and get content with $variable

MESSAGE="Hello World"

# Assign a string

PI=3.1415

# Assign a decimal number

N=8

TWON=`expr $N \* 2`

# Arithmetic expression (only integers)

TWON=$(($N * 2))

# Other syntax

TWOPI=`echo "$PI * 2" | bc -l`

# Use bc for floating point operations

ZERO=`echo "c($PI/4)-sqrt(2)/2" | bc -l`

The command line arguments are

$0, $1, $2, ...

# $0 is the command itself

$#

# The number of arguments

$*

# All arguments (also $@)

Special Variables

$$

# The current process ID

$?

# exit status of last command

command
if [ $? != 0 ]; then
echo "command failed"
fi

mypath=`pwd`

mypath=${mypath}/file.txt

echo ${mypath##*/}

# Display the filename only

echo ${mypath%%.*}

# Full path without extension

var2=${var:=string}

# Use var if set, otherwise use string

# assign string to var and then to var2.

Constructs

for file in `ls`
do
echo $file
done

count=0
while [ $count -lt 5 ]; do


Use password and key

I use those settings for a typical disk encryption, it uses a passphrase AND a key to encrypt the master key. That is you need both the password and the generated key /root/ad1.key to attach the partition. The master key is stored inside the partition and is not visible. See below for typical USB or file based image.

Create encrypted partition

# dd if=/dev/random of=/root/ad1.key bs=64 count=1

# this key encrypts the master key

# geli init -s 4096 -K /root/ad1.key /dev/ad1

# -s 8192 is also OK for disks

# geli attach -k /root/ad1.key /dev/ad1

# DO make a backup of /root/ad1.key

# dd if=/dev/random of=/dev/ad1.eli bs=1m

# Optional and takes a long time

# newfs /dev/ad1.eli

# Create file system

# mount /dev/ad1.eli /mnt

Attach

# geli attach -k /root/ad1.key /dev/ad1

# fsck -ny -t ffs /dev/ad1.eli

# In doubt check the file system

# mount /dev/ad1.eli /mnt

Detach

The detach procedure is done automatically on shutdown.

# umount /mnt

# geli detach /dev/ad1.eli

/etc/fstab

The encrypted partition can be configured to be mounted with /etc/fstab. The password will be prompted when booting. The following settings are required for this example:

# grep geli /etc/rc.conf

geli_devices="ad1"

geli_ad1_flags="-k /root/ad1.key"

# grep geli /etc/fstab

/dev/ad1.eli /home/private ufs rw 0 0

Use password only

It is more convenient to encrypt a USB stick or file based image with a passphrase only and no key. In this case it is not necessary to carry the additional key file around. The procedure is very much the same as above, simply without the key file. Let's encrypt a file based image /cryptedfile of 1 GB.

# dd if=/dev/zero of=/cryptedfile bs=1M count=1000

# 1 GB file

# mdconfig -at vnode -f /cryptedfile

# geli init /dev/md0

# encrypts with password only

# geli attach /dev/md0

# newfs -U -m 0 /dev/md0.eli

# mount /dev/md0.eli /mnt

# umount /dev/md0.eli

# geli detach md0.eli

It is now possible to mount this image on an other system with the password only.

# mdconfig -at vnode -f /cryptedfile

# geli attach /dev/md0

# mount /dev/md0.eli /mnt


11 SSL CERTIFICATES

So called SSL/TLS certificates are cryptographic public key certificates and are composed of a public and a private key. The certificates are used to authenticate the endpoints and encrypt the data. They are used for example on a web server (https) or mail server (imaps).

11.1 Procedure

• We need a certificate authority to sign our certificate. This step is usually provided by a vendor like Thawte, Verisign, etc., however we can also create our own.

• Create a certificate signing request. This request is like an unsigned certificate (the public part) and already contains all necessary information. The certificate request is normally sent to the authority vendor for signing. This step also creates the private key on the local machine.

• Sign the certificate with the certificate authority.

• If necessary join the certificate and the key in a single file to be used by the application (web server, mail server etc.).

11.2 Configure OpenSSL

We use /usr/local/certs as directory for this example; check or edit /etc/ssl/openssl.cnf according to your settings so you know where the files will be created. Here is the relevant part of openssl.cnf:

[ CA_default ]

dir = /usr/local/certs/CA

# Where everything is kept

certs = $dir/certs

# Where the issued certs are kept

crl_dir = $dir/crl

# Where the issued crl are kept

database = $dir/index.txt

# database index file.

Make sure the directories exist or create them

# mkdir -p /usr/local/certs/CA

# cd /usr/local/certs/CA

# mkdir certs crl newcerts private

# echo "01" > serial

# Only if serial does not exist

# touch index.txt

11.3 Create a certificate authority

If you do not have a certificate authority from a vendor, you'll have to create your own. This step is not necessary if one intends to use a vendor to sign the request. To make a certificate authority (CA):

# openssl req -new -x509 -days 730 -config /etc/ssl/openssl.cnf \

-keyout CA/private/cakey.pem -out CA/cacert.pem

11.4 Create a certificate signing request

To make a new certificate (for mail server or web server for example), first create a request certificate with its private key. If your application does not support encrypted private keys (for example UW-IMAP does not), then disable encryption with -nodes.

# openssl req -new -keyout newkey.pem -out newreq.pem \

-config /etc/ssl/openssl.cnf

# openssl req -nodes -new -keyout newkey.pem -out newreq.pem \

-config /etc/ssl/openssl.cnf

# No encryption for the key
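The four steps of 11.1 run unattended in a scratch directory, as an added example that is not from the original document. It signs with openssl x509 -req rather than the CA database configured in 11.2, and the subject names, the passphrase file and the file name newcert.pem are constructed for the illustration.

```shell
#!/bin/sh
# Added example: CA -> signing request -> signed certificate -> checks.
# All names below are placeholders chosen for this illustration.

# make_ca DIR PASSFILE
# Self-signed CA certificate; the CA private key is stored encrypted with
# the passphrase read from PASSFILE and kept in a directory only the owner
# can enter.
make_ca() {
    mkdir -p "$1/CA/private" && chmod 700 "$1/CA/private" &&
    ( umask 077
      openssl req -new -x509 -days 730 -newkey rsa:2048 \
          -subj "/CN=Example Test CA" -passout "file:$2" \
          -keyout "$1/CA/private/cakey.pem" -out "$1/CA/cacert.pem" 2>/dev/null )
}

# make_request DIR COMMON_NAME
# Private key plus signing request. -nodes leaves the key unencrypted (the
# UW-IMAP case on this page), so the umask is what protects it on disk.
make_request() {
    ( umask 077
      openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
          -keyout "$1/newkey.pem" -out "$1/newreq.pem" 2>/dev/null )
}

# sign_request DIR PASSFILE
# The CA signs the request; -CAcreateserial writes the serial number file
# next to the CA certificate on first use.
sign_request() {
    openssl x509 -req -days 365 -in "$1/newreq.pem" \
        -CA "$1/CA/cacert.pem" -CAkey "$1/CA/private/cakey.pem" \
        -passin "file:$2" -CAcreateserial -out "$1/newcert.pem" 2>/dev/null
}

# verify_cert CAFILE CERT: does CERT chain to the CA in CAFILE?
verify_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT
# Compare the public key inside the certificate with the one derived from
# the private key before joining them; a mismatch means the wrong key file.
key_matches_cert() {
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$1" -pubout 2>/dev/null)" ]
}

# join_cert_key CERT KEY OUTFILE
# Single file for the application; it contains the private key, so it is
# created readable by the owner only.
join_cert_key() {
    key_matches_cert "$2" "$1" || return 1
    ( umask 077; cat "$1" "$2" > "$3" )
}

# Usage:
#   umask 077; printf '%s\n' 'CA passphrase' > ca.pass
#   make_ca . ca.pass && make_request . www.example.test &&
#   sign_request . ca.pass && verify_cert CA/cacert.pem newcert.pem &&
#   join_cert_key newcert.pem newkey.pem server.pem
```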


# cmd 1> file

# Redirect stdout to file.

# cmd 2> file

# Redirect stderr to file.

# cmd 1>> file

# Redirect and append stdout to file.

# cmd &> file

# Redirect both stdout and stderr to file.

# cmd >file 2>&1

# Redirects stderr to stdout and then to file.

# cmd1 | cmd2

# pipe stdout to cmd2

# cmd1 2>&1 | cmd2

# pipe stdout and stderr to cmd2

Modify your configuration in ~/.bashrc (it can also be ~/.bash_profile). The following entries are useful, reload with ". .bashrc".

# in .bashrc

bind '"\e[A"':history-search-backward

# Use up and down arrow to search

bind '"\e[B"':history-search-forward

# the history. Invaluable!

set -o emacs

# Set emacs mode in bash (see below)

set bell-style visible

# Do not beep, inverse colors

# Set a nice prompt like [user@host]/path/todir>

PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"

PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"

PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"

# To check the currently active aliases, simply type alias

alias ls='ls -aF'

# Append indicator (one of */=>@|)

alias ll='ls -aFls'

# Listing

alias la='ls -all'

alias ..='cd ..'

alias ...='cd ../..'

export HISTFILESIZE=5000

# Larger history

export CLICOLOR=1

# Use colors (if possible)

export LSCOLORS=ExGxFxdxCxDxDxBxBxExEx

20.2 tcsh

Redirects and pipes for tcsh and csh (simple > and >> are the same as sh):

# cmd >& file

# Redirect both stdout and stderr to file.

# cmd >>& file

# Append both stdout and stderr to file.

# cmd1 | cmd2

# pipe stdout to cmd2

# cmd1 |& cmd2

# pipe stdout and stderr to cmd2

The settings for csh/tcsh are set in ~/.cshrc, reload with "source .cshrc". Examples:

# in .cshrc

alias ls 'ls -aF'

alias ll 'ls -aFls'

alias la 'ls -all'

alias .. 'cd ..'

alias ... 'cd ../..'

set prompt = "%B%n%b@%B%m%b%/> "

# like user@host/path/todir>

set history = 5000

set savehist = ( 6000 merge )

set autolist

# Report possible completions with tab

set visiblebell

# Do not beep, inverse colors

# Bindkey and colors

bindkey -e Select Emacs bindings

# Use emacs keys to edit the command prompt

bindkey -k up history-search-backward

# Use up and down arrow to search

bindkey -k down history-search-forward

setenv CLICOLOR 1

# Use colors (if possible)

setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx

The emacs mode enables to use the emacs keys shortcuts to modify the command prompt line. This is extremely useful (not only for emacs users). The most used commands are:

C-a   Move cursor to beginning of line
C-e   Move cursor to end of line


19.3 Assign quota limits

The quotas are not limited per default (set to 0). The limits are set with edquota for single users. A quota can be also duplicated to many users. The file structure is different between the quota implementations, but the principle is the same: the values of blocks and inodes can be limited. Only change the values of soft and hard. If not specified, the blocks are 1k. The grace period is set with edquota -t. For example:

# edquota -u colin

Linux

Disk quotas for user colin (uid 1007):

Filesystem blocks soft hard inodes soft hard

/dev/sda8 108 1000 2000 1 0 0

FreeBSD

Quotas for user colin:

/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000)

inodes in use: 1792, limits (soft = 0, hard = 0)

For many users

The command edquota -p is used to duplicate a quota to other users. For example to duplicate a reference quota to all users:

# edquota -p refuser `awk -F: '$3 > 499 {print $1}' /etc/passwd`

# edquota -p refuser user1 user2

# Duplicate to 2 users

Checks

Users can check their quota by simply typing quota (the file quota.user must be readable). Root can check all quotas.

# quota -u colin

# Check quota for a user

# repquota /home

# Full report for the partition for all users

20 SHELLS

Most Linux distributions use the bash shell while the BSDs use tcsh, the bourne shell is only used for scripts. Filters are very useful and can be piped:

grep    Pattern matching
sed     Search and Replace strings or characters
cut     Print specific columns from a marker
sort    Sort alphabetically or numerically
uniq    Remove duplicate lines from a file

For example used all at once:

# ifconfig | sed 's/ / /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r

# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n

The first character in the sed pattern is a tab. To write a tab on the console, use ctrl-v ctrl-tab.

20.1 bash

Redirects and pipes for bash and sh:


11.5 Sign the certificate

The certificate request has to be signed by the CA to be valid, this step is usually done by the vendor. Note: replace "servername" with the name of your server in the next commands.

# cat newreq.pem newkey.pem > new.pem

# openssl ca -policy policy_anything -out servernamecert.pem \

-config /etc/ssl/openssl.cnf -infiles new.pem

# mv newkey.pem servernamekey.pem

Now servernamekey.pem is the private key and servernamecert.pem is the server certificate.

11.6 Create united certificate

The IMAP server wants to have both private key and server certificate in the same file. And in general, this is also easier to handle, but the file has to be kept secure! Apache also can deal with it well. Create a file servername.pem containing both the certificate and key.

• Open the private key (servernamekey.pem) with a text editor and copy the private key into the "servername.pem" file.
• Do the same with the server certificate (servernamecert.pem).

The final servername.pem file should look like this:

-----BEGIN RSA PRIVATE KEY-----

MIICXQIBAAKBgQDutWy+o/XZ/[...]qK5LqQgT3c9dU6fcR+WuSs6aejdEDDqBRQ

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

MIIERzCCA7CgAwIBAgIBBDANB[...]iG9w0BAQQFADCBxTELMAkGA1UEBhMCREUx

-----END CERTIFICATE-----

What we have now in the directory /usr/local/certs/:

CA/private/cakey.pem (CA server private key)
CA/cacert.pem (CA server public key)
certs/servernamekey.pem (server private key)
certs/servernamecert.pem (server signed certificate)
certs/servername.pem (server certificate with private key)

Keep the private key secure!

11.7 View certificate information

To view the certificate information simply do:

# openssl x509 -text -in servernamecert.pem

# View the certificate info

# openssl req -noout -text -in server.csr

# View the request info

12 CVS

Server setup | CVS test | SSH tunneling | CVS usage

12.1 Server setup

Initiate the CVS

Decide where the main repository will rest and create a root cvs. For example /usr/local/cvs (as root):

# mkdir -p /usr/local/cvs

# setenv CVSROOT /usr/local/cvs

# Set CVSROOT to the new location (local)

# cvs init

# Creates all internal CVS config files

# cd /root


# cvs checkout CVSROOT

# Checkout the config files to modify them

# cd CVSROOT

edit config ( fine as it is)

# cvs commit config

cat >> writers

# Create a writers file (optionally also readers)

colin

^D

# Use [Control][D] to quit the edit

# cvs add writers

# Add the file writers into the repository

# cvs edit checkoutlist

# cat >> checkoutlist

writers

^D

# Use [Control][D] to quit the edit

# cvs commit

# Commit all the configuration changes

Add a readers file if you want to differentiate read and write permissions.

Note: Do not (ever) edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access.

There are three popular ways to access the CVS at this point. The first two don't need any further configuration. See the examples on CVSROOT below for how to use them:

• Direct local access to the file system. The user(s) need sufficient file permission to access the CVS directly and there is no further authentication in addition to the OS login. However this is only useful if the repository is local.
• Remote access with ssh with the ext protocol. Any user with an ssh shell account and read/write permissions on the CVS server can access the CVS directly with ext over ssh without any additional tunnel. There is no server process running on the CVS for this to work. The ssh login does the authentication.
• Remote access with pserver. This is the preferred use for larger user base as the users are authenticated by the CVS pserver with a dedicated password database, there is therefore no need for local users accounts. This setup is explained below.

Network setup with inetd

The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can start the pserver with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE):

cvspserver stream tcp nowait cvs /usr/bin/cvs cvs \

--allow-root=/usr/local/cvs pserver

It is a good idea to block the cvs port from the Internet with the firewall and use an ssh tunnel to access the repository remotely.

Separate authentication

It is possible to have cvs users which are not part of the OS (no local users). This is actually probably wanted too from the security point of view. Simply add a file named passwd (in the CVSROOT directory) containing the users login and password in the crypt format. This can be done with the apache htpasswd tool.

Note: This passwd file is the only file which has to be edited directly in the CVSROOT directory. Also it won't be checked out. More info with htpasswd --help

# htpasswd -cb passwd user1 password1

# -c creates the file

# htpasswd -b passwd user2 password2

Now add :cvs at the end of each line to tell the cvs server to change the user to cvs (or whatever your cvs server is running under). It looks like this:

# cat passwd

user1:xsFjhU22u8Fuo:cvs

user2:vnefJOsnnvToM:cvs
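A check for the passwd file described above, as an added example that is not part of the original page: it flags entries with an empty password field (CVS pserver accepts any password for those), entries without a run-as user, entries mapped to an unexpected system account, and duplicate logins. The function names and the sample entries other than the first are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a CVSROOT/passwd file (login:crypt_hash:run_as_user).
# Function names are hypothetical; the sample entries are constructed.

# lint_cvs_passwd FILE [RUN_AS]
# Prints one finding per line; prints nothing when the file is clean.
# RUN_AS is the system account the pserver should switch to (default: cvs).
lint_cvs_passwd() {
    awk -F: -v want="${2:-cvs}" '
        $0 ~ /^[ \t]*$/ { next }                 # skip blank lines
        {
            login = $1
            # The same login listed twice makes the effective entry ambiguous.
            if (seen[login]++)
                print login ": duplicate login"
            # An empty hash means the login succeeds with any password.
            if ($2 == "")
                print login ": empty password field, any password is accepted"
            # Without a third field the server runs as a system user
            # named like the CVS login, which then has to exist.
            if (NF < 3 || $3 == "")
                print login ": no run-as user, pserver would run as system user " login
            else if ($3 != want)
                print login ": runs as " $3 ", expected " want
        }
    ' "$1"
}

# make_sample_passwd FILE
# Write a constructed passwd file with one clean and four problematic entries.
make_sample_passwd() {
    cat > "$1" <<'EOF'
user1:xsFjhU22u8Fuo:cvs
user2:vnefJOsnnvToM
user3::cvs
user4:aaBBccDDeeFFg:root
user1:zzYYxxWWvvUUt:cvs
EOF
}

# Demo on the constructed file.
sample=$(mktemp)
make_sample_passwd "$sample"
lint_cvs_passwd "$sample" cvs
rm -f "$sample"
```

Run it against the real file with `lint_cvs_passwd /usr/local/cvs/CVSROOT/passwd cvs`; an empty output means no findings.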


Dump and restore

It can be useful to dump and restore an SQLite database. For example you can edit the dump file to change a column attribute or type and then restore the database. This is easier than messing with SQL commands. Use the command sqlite3 for a 3.x database.

# sqlite database.db .dump > dump.sql

# dump

# sqlite database.db < dump.sql

# restore

Convert 2.x to 3.x database

sqlite database_v2.db .dump | sqlite3 database_v3.db

19 DISK QUOTA

A disk quota limits the amount of disk space and/or the number of files a user (or member of a group) can use. The quotas are allocated on a per-file system basis and are enforced by the kernel.

19.1 Linux setup

The quota tools package usually needs to be installed, it contains the command line tools. Activate the user quota in the fstab and remount the partition. If the partition is busy, either all locked files must be closed, or the system must be rebooted. Add usrquota to the fstab mount options, for example:

/dev/sda2 /home reiserfs rw,acl,user_xattr,usrquota 1 1

# mount -o remount /home

# mount

# Check if usrquota is active, otherwise reboot

Initialize the quota.user file with quotacheck.

# quotacheck -vum /home

# chmod 644 /home/aquota.user

# To let the users check their own quota

Activate the quota either with the provided script (e.g. /etc/init.d/quotad on SuSE) or with quotaon:

quotaon -vu /home

Check that the quota is active with:

quota -v

19.2 FreeBSD setup

The quota tools are part of the base system, however the kernel needs the option quota. If it is not there, add it and recompile the kernel.

options QUOTA

As with Linux, add the quota to the fstab options (userquota, not usrquota):

/dev/ad0s1d /home ufs rw,noatime,userquota 2 2

# mount /home

# To remount the partition

Enable disk quotas in /etc/rc.conf and start the quota.

# grep quotas /etc/rc.conf

enable_quotas="YES"

# turn on quotas on startup (or NO).

check_quotas="YES"

# Check quotas on startup (or NO).

# /etc/rc.d/quota start


In this case the restore is started with the database postgres which is better when reloading an empty cluster.

18.2 MySQL

Change mysql root or username password

Method 1

# /etc/init.d/mysql stop

or

# killall mysqld

# mysqld --skip-grant-tables

# mysqladmin -u root password 'newpasswd'

# /etc/init.d/mysql start

Method 2

# mysql -u root mysql
mysql> UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root';
mysql> FLUSH PRIVILEGES;                           # Use username instead of "root"
mysql> quit

Create user and database

# mysql -u root mysql
mysql> CREATE DATABASE bobdb;
mysql> GRANT ALL ON *.* TO 'bob'@'%' IDENTIFIED BY 'pwd';   # Use localhost instead of %
                                                            # to restrict the network access
mysql> DROP DATABASE bobdb;                                 # Delete database
mysql> DROP USER bob;                                       # Delete user
mysql> DELETE FROM mysql.user WHERE user='bob' and host='hostname';   # Alt. command
mysql> FLUSH PRIVILEGES;

Grant remote access

Remote access is typically permitted for a database, and not all databases. The file /etc/my.cnf contains the IP address to bind to. Typically comment the line bind-address = out.

# mysql -u root mysql
mysql> GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD';
mysql> REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';
mysql> FLUSH PRIVILEGES;                  # Use 'hostname' or also '%' for full access

Backup and restore

Backup and restore a single database:

# mysqldump -u root -psecret --add-drop-database dbname > dbname_sql.dump

# mysql -u root -psecret -D dbname < dbname_sql.dump

Backup and restore all databases:

# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump

# mysql -u root -psecret < full.dump

Here is "secret" the mysql root password, there is no space after -p. When the -p option is used alone (w/o password), the password is asked at the command prompt. A password given on the command line ends up in the shell history and can be visible in the process list, so the prompt is the safer form.

18.1 SQLite

SQLite [14] is a small powerful self-contained, serverless, zero-configuration SQL database.

14. http://www.sqlite.org


12.2 Test it

Test the login as normal user (for example here me)

# cvs -d :pserver:[email protected]:/usr/local/cvs login

Logging in to :pserver:[email protected]:2401/usr/local/cvs

CVS password:

CVSROOT variable

This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transport protocol must be specified. Set the CVSROOT variable with setenv CVSROOT string on a csh, tcsh shell, or with export CVSROOT=string on a sh, bash shell.

# setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory

For example:

# setenv CVSROOT /usr/local/cvs

# Used locally only

# setenv CVSROOT :local:/usr/local/cvs

# Same as above

# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs

# Direct access with SSH

# setenv CVS_RSH ssh

# for the ext access

# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs

# network with pserver

When the login succeeded one can import a new project into the repository: cd into your project root directory

cvs import <module name> <vendor tag> <initial tag>

cvs -d :pserver:[email protected]:/usr/local/cvs import MyProject MyCompany START

Where MyProject is the name of the new project in the repository (used later to checkout). Cvs will import the current directory content into the new project.

To checkout:

# cvs -d :pserver:[email protected]:/usr/local/cvs checkout MyProject

or

# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs

# cvs checkout MyProject

12.3 SSH tunneling for CVS

We need 2 shells for this. On the first shell we connect to the cvs server with ssh and port-forward the cvs connection. On the second shell we use the cvs normally as if it were running locally.

on shell 1:

# ssh -L2401:localhost:2401 colin@cvs_server

# Connect directly to the CVS server. Or:

# ssh -L2401:cvs_server:2401 colin@gateway

# Use a gateway to reach the CVS

on shell 2:

# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs

# cvs login

Logging in to :pserver:colin@localhost:2401/usr/local/cvs

CVS password:

# cvs checkout MyProject/src


12.4 CVS commands and usage

Import

The import command is used to add a whole directory, it must be run from within the directory to be imported. Say the directory /devel/ contains all files and subdirectories to be imported. The directory name on the CVS (the module) will be called "myapp".

# cvs import [options] directory-name vendor-tag release-tag

# cd /devel

# Must be inside the project to import it

# cvs import myapp Company R1_0

# Release tag can be anything in one word

After a while a new directory "/devel/tools/" was added and it has to be imported too.

# cd /devel/tools

# cvs import myapp/tools Company R1_0

Checkout update add commit

# cvs co myapp/tools

# Will only checkout the directory tools

# cvs co -r R1_1 myapp

# Checkout myapp at release R1_1 (is sticky)

# cvs -q update -d -P

# A typical CVS update

# cvs update -A

# Reset any sticky tag (or date, option)

# cvs add newfile

# Add a new file

# cvs add -kb newfile

# Add a new binary file

# cvs commit file1 file2

# Commit the two files only

# cvs commit -m "message"

# Commit all changes done with a message

Create a patch

It is best to create and apply a patch from the working development directory related to the project, or from within the source directory.

# cd /devel/project

# diff -Naur olddir newdir > patchfile

# Create a patch from a directory or a file

# diff -Naur oldfile newfile > patchfile

Apply a patch

Sometimes it is necessary to strip a directory level from the patch, depending how it was created. In case of difficulties, simply look at the first lines of the patch and try -p0, -p1 or -p2.

# cd /devel/project

# patch --dry-run -p0 < patchfile

# Test the patch without applying it

# patch -p0 < patchfile

# patch -p1 < patchfile

# strip off the 1st level from the path

13 SVN

Server setup | SVN+SSH | SVN over http | SVN usage

Subversion (SVN) [9] is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings were improved. See also the SVN book [10].

13.1 Server setup

The initiation of the repository is fairly simple (here for example /home/svn/ must exist):

# svnadmin create --fs-type fsfs /home/svn/project1

9. http://subversion.tigris.org/
10. http://svnbook.red-bean.com/en/1.4/


17 PRINTING

17.1 Print with lpr

# lpr unixtoolbox.ps

# Print on default printer

# export PRINTER=hp4600

# Change the default printer

# lpr -Php4500 -#2 unixtoolbox.ps

# Use printer hp4500 and print 2 copies

# lpr -o Duplex=DuplexNoTumble ...

# Print duplex along the long side

# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...

# lpq

# Check the queue on default printer

# lpq -l -Php4500

# Queue on printer hp4500 with verbose

# lprm -

# Remove all users jobs on default printer

# lprm -Php4500 3186

# Remove job 3186. Find job nbr with lpq

# lpc status

# List all available printers

# lpc status hp4500

# Check if printer is online and queue length

18 DATABASES

18.1 PostgreSQL

Change root or a username password

# psql -d template1 -U pgsql

> alter user pgsql with password 'pgsql_password';

# Use username instead of "pgsql"

Create user and database

The commands createuser, dropuser, createdb and dropdb are convenient shortcuts equivalent to the SQL commands. The new user is bob with database bobdb; use as root with pgsql the database super user:

# createuser -U pgsql -P bob

# -P will ask for password

# createdb -U pgsql -O bob bobdb

# new bobdb is owned by bob

# dropdb bobdb

# Delete database bobdb

# dropuser bob

# Delete user bob

The general database authentication mechanism is configured in pg_hba.conf

Grant remote access

The file $PGSQL_DATA_D/postgresql.conf specifies the address to bind to. Typically listen_addresses = '*' for Postgres 8.x.

The file $PGSQL_DATA_D/pg_hba.conf defines the access control. Examples:

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

host bobdb bob 212.117.81.42 255.255.255.255 password

host all all 0.0.0.0/0 password

Backup and restore

The backups and restore are done with the user pgsql or postgres. Backup and restore a single database:

# pg_dump --clean dbname > dbname_sql.dump

# psql dbname < dbname_sql.dump

Backup and restore all databases (including users):

# pg_dumpall --clean > full.dump

# psql -f full.dump postgres


# iconv -f <from_encoding> -t <to_encoding> <input_file>

# iconv -f ISO8859-1 -t UTF-8 file.input > file_utf8

# iconv -l

# List known coded character sets

Without the -f option, iconv will use the local char-set, which is usually fine if the document displays well.

16.2 Unix - DOS newlines

Convert DOS (CR/LF) to Unix (LF) newlines within a Unix shell. See also dos2unix and unix2dos if you have them.

# sed 's/.$//' dosfile.txt > unixfile.txt

Convert Unix to DOS newlines within a Windows environment. Use sed from mingw or cygwin.

# sed -n p unixfile.txt > dosfile.txt

16.3 PDF to Jpeg and concatenate PDF files

Convert a PDF document with gs (GhostScript) to jpeg (or png) images for each page. Also much shorter with convert (from ImageMagick or GraphicsMagick).

# gs -dBATCH -dNOPAUSE -sDEVICE=jpeg -r150 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 \

-dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf

# convert unixtoolbox.pdf unixtoolbox-%03d.png

# convert *.jpeg images.pdf

# Create a simple PDF with all pictures

Ghostscript can also concatenate multiple pdf files into a single one.

# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \

file1.pdf file2.pdf ...

# On Windows use '#' instead of '='

16.4 Convert video

Compress the Canon digicam video with an mpeg4 codec and repair the crappy sound.

# mencoder -o videoout.avi -oac mp3lame -ovc lavc -srate 11025 \

-channels 1 -af-adv force=1 -lameopts preset=medium -lavcopts \

vcodec=msmpeg4v2:vbitrate=600 -mc 0 videoin.AVI

16.5 Copy an audio cd

The program cdparanoia [13] can save the audio tracks (FreeBSD port in audio/cdparanoia/), oggenc can encode in Ogg Vorbis format, lame converts to mp3.

# cdparanoia -B

# Copy the tracks to wav files in current dir

# lame -b 256 in.wav out.mp3

# Encode in mp3 256 kb/s

# for i in *.wav; do lame -b 256 $i `basename $i .wav`.mp3; done

# oggenc in.wav -b 256 out.ogg

# Encode in Ogg Vorbis 256 kb/s

13. http://xiph.org/paranoia/


Now the access to the repository is made possible with:

• file:// Direct file system access with the svn client. This requires local permissions on the file system.
• svn:// or svn+ssh:// Remote access with the svnserve server (also over SSH). This requires local permissions on the file system.
• http:// Remote access with webdav using apache. No local users are necessary for this method.

Using the local file system, it is now possible to import and then check out an existing project. Unlike with CVS it is not necessary to cd into the project directory, simply give the full path:

# svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'

# svn checkout file:///home/svn/project1

The new directory "trunk" is only a convention, this is not required.

Remote access with ssh

No special setup is required to access the repository via ssh, simply replace file:// with svn+ssh://hostname. For example:

# svn checkout svn+ssh://hostname/home/svn/project1

As with the local file access, every user needs an ssh access to the server (with a local account) and also read/write access. This method might be suitable for a small group. All users could belong to a subversion group which owns the repository, for example:

# groupadd subversion

# groupmod -A user1 subversion

# chown -R root:subversion /home/svn

# chmod -R 770 /home/svn

Remote access with http (apache)

Remote access over http (https) is the only good solution for a larger user group. This method uses the apache authentication, not the local accounts. This is a typical but small apache configuration:

LoadModule dav_module modules/mod_dav.so

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

# Only for access control

<Location /svn>

DAV svn

# any "/svn/foo" URL will map to a repository /home/svn/foo

SVNParentPath /home/svn

AuthType Basic

AuthName "Subversion repository"

AuthzSVNAccessFile /etc/apache2/svn.acl

AuthUserFile /etc/apache2/svn-passwd

Require valid-user

</Location>

The apache server needs full access to the repository:

# chown -R www:www /home/svn

Create a user with htpasswd2:

# htpasswd -c /etc/svn-passwd user1

# -c creates the file

Access control svn.acl example

# Default is read access. "* =" would be default no access

[/]

* = r

[groups]


project1-developers = joe, jack, jane

# Give write access to the developers

[project1:/]

@project1-developers = rw

13.2 SVN commands and usage

See also the Subversion Quick Reference Card [11]. Tortoise SVN [12] is a nice Windows interface.

Import

A new project, that is a directory with some files, is imported into the repository with the import command. Import is also used to add a directory with its content to an existing project.

# svn help import

# Get help for any command

# Add a new directory (with content) into the src dir on project1

# svn import /project1/newdir http://host.url/svn/project1/trunk/src -m 'add newdir'

Typical SVN commands

# svn co http://host.url/svn/project1/trunk

# Checkout the most recent version

# Tags and branches are created by copying

# svn mkdir http://host.url/svn/project1/tags/

# Create the tags directory

# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \

http://host.url/svn/project1/tags/1.0rc1

# svn status [--verbose]

# Check files status into working dir

# svn add src/file.h src/file.cpp

# Add two files

# svn commit -m 'Added new class file'

# Commit the changes with a message

# svn ls http://host.url/svn/project1/tags/

# List all tags

# svn move foo.c bar.c

# Move (rename) files

# svn delete some_old_file

# Delete files

14 USEFUL COMMANDS

less | vi | mail | tar | dd | screen | find | Miscellaneous

14.1 less

The less command displays a text document on the console. It is present on most installations.

# less unixtoolbox.xhtml

Some important commands are (^N stands for [control]-[N]):

h H               good help on display
f ^F ^V SPACE     Forward one window (or N lines).
b ^B ESC-v        Backward one window (or N lines).
F                 Forward forever; like "tail -f".
/pattern          Search forward for (N-th) matching line.
?pattern          Search backward for (N-th) matching line.
n                 Repeat previous search (for N-th occurrence).
N                 Repeat previous search in reverse direction.
q                 quit

11. http://www.cs.put.poznan.pl/csobaniec/Papers/svn-refcard.pdf
12. http://tortoisesvn.tigris.org


# pkg_info -W smbd

# FreeBSD show which package smbd belongs to

# pkginfo

# Solaris

15.2 Add/remove software

Front ends: yast2/yast for SuSE, redhat-config-packages for Red Hat.

# rpm -i pkgname.rpm

# install the package (RH, SuSE, RPM based)

# rpm -e pkgname

# Remove package

Debian

# apt-get update

# First update the package lists

# apt-get install emacs

# Install the package emacs

# dpkg --remove emacs

# Remove the package emacs

FreeBSD

# pkg_add -r rsync

# Fetch and install rsync.

# pkg_delete /var/db/pkg/rsync-xx

# Delete the rsync package

Set where the packages are fetched from with the PACKAGESITE variable. For example:

# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/

# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/

FreeBSD ports

The port tree /usr/ports/ is a collection of software ready to compile and install. The ports are updated with the program portsnap.

# portsnap fetch extract

# Create the tree when running the first time

# portsnap fetch update

# Update the port tree

# cd /usr/ports/net/rsync/

# Select the package to install

# make install distclean

# Install and cleanup (also see man ports)

# make package

# Make a binary package for the port

15.3 Library path

Due to complex dependencies and runtime linking, programs are difficult to copy to another system or distribution. However for small programs with few dependencies, the missing libraries can be copied over. The runtime libraries (and the missing one) are checked with ldd and managed with ldconfig.

# ldd /usr/bin/rsync

# List all needed runtime libraries

# ldconfig -n /path/to/libs/

# Add a path to the shared libraries directories

# ldconfig -m /path/to/libs/

# FreeBSD

# LD_LIBRARY_PATH

# The variable set the link library path

16 CONVERT MEDIA

Sometimes one simply needs to convert a video, audio file or document to another format.

16.1 Text encoding

Text encoding can get totally wrong, especially when the language requires special characters like àäç. The command iconv can convert from one encoding to another.


The screen session is terminated when the program within the running terminal is closed and you logout from the terminal.

14.7 Find

Some important options:

-x (on BSD) -xdev (on Linux)   Stay on the same file system (dev in fstab).
-exec cmd {} \;                Execute the command and replace {} with the full path
-iname                         Like -name but is case insensitive
-ls                            Display information about the file (like ls -la)
-size n                        n is +-n (k M G T P)
-cmin n                        File's status was last changed n minutes ago.

# find . -type f ! -perm -444

# Find files not readable by all

# find . -type d ! -perm -111

# Find dirs not accessible by all

# find /home/user/ -cmin 10 -print

# Files created or modified in the last 10 min.

# find . -name '*.[ch]' | xargs grep -E 'expr'

# Search 'expr' in this dir and below.

# find / -name "*.core" | xargs rm

# Find core dumps and delete them

# find / -name "*.core" -print -exec rm {} \;

# Other syntax

# find . \( -name "*.png" -o -name "*.jpg" \) -print

# iname is not case sensitive

# find . \( -iname "*.png" -o -iname "*.jpg" \) -print -exec tar -rf images.tar {} \;

# find . -type f -name "*.txt" ! -name README.txt -print

# Exclude README.txt files

# find /var/ -size +1M -exec ls -lh {} \;

# find /var/ -size +1M -ls

# This is simpler

# find . -size +10M -size -50M -print

# find /usr/ports/ -name work -type d -print -exec rm -rf {} \;

# Clean the ports

Find files with SUID; those files have to be kept secure

# find / -type f -user root -perm -4000 -exec ls -l {} \;
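An added example (not part of the original cheat sheet) that turns the SUID search above into a repeatable audit: it saves the list of set-uid files as a baseline, reports files that appear or disappear later, and flags set-uid files that group or others can write. The function names suid_list, suid_writable and suid_diff and the baseline path in the comments are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet. Function names are made up.
# Paths containing newlines are not handled (one path per line is assumed).

# suid_list DIR [OWNER]: sorted paths of set-uid regular files under DIR,
# optionally only those owned by OWNER (e.g. root, as in the command above).
# -xdev keeps find on DIR's own file system.
suid_list() {
    if [ -n "$2" ]; then
        find "$1" -xdev -type f -user "$2" -perm -4000 -print 2>/dev/null
    else
        find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
    fi | LC_ALL=C sort
}

# suid_writable DIR: set-uid files that group or others are allowed to modify.
suid_writable() {
    find "$1" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | LC_ALL=C sort
}

# suid_diff BASELINE DIR: compare a saved suid_list output with the current
# state. Prints "NEW <path>" and "GONE <path>"; returns 1 if anything changed,
# 2 if the baseline cannot be read.
suid_diff() {
    [ -r "$1" ] || return 2
    cur=$(mktemp) || return 2
    suid_list "$2" > "$cur"
    out=$(
        LC_ALL=C comm -13 "$1" "$cur" | sed 's/^/NEW /'
        LC_ALL=C comm -23 "$1" "$cur" | sed 's/^/GONE /'
    )
    rm -f "$cur"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Typical use as root (the baseline path is only an example):
#   suid_list / > /root/suid.baseline      # once, on a known-good system
#   suid_diff /root/suid.baseline /        # later, e.g. from cron
#   suid_writable /                        # should print nothing
```

Keep the baseline file somewhere only root can write, otherwise a change can be hidden by editing the baseline.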

14.8 Miscellaneous

# which command

# Show full path name of command

# time command

# See how long a command takes to execute

# time cat

# Use time as stopwatch. Ctrl-c to stop

# set | grep $USER

# List the current environment

# cal -3

# Display a three month calendar

# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]

# date 10022155

# Set date and time

# whatis grep

# Display a short info on the command or word

# whereis java

# Search path and standard directories for word

# setenv varname value

# Set env. variable varname to value (csh/tcsh)

# export varname="value"

# set env. variable varname to value (sh/ksh/bash)

# pwd

# Print working directory

# mkdir -p /path/to/dir

# no error if existing, make parent dirs as needed

# rmdir /path/to/dir

# Remove directory

# rm -rf /path/to/dir

# Remove directory and its content (force)

# cp -la /dir1 /dir2

# Archive and hard link files instead of copy

# cp -lpR /dir1 /dir2

# Same for FreeBSD

# mv /dir1 /dir2

# Rename a directory

15 INSTALL SOFTWARE

15.1 List installed packages

# rpm -qa

# List installed packages (RH, SuSE, RPM based)

# dpkg -l

# Debian, Ubuntu

# pkg_info

# FreeBSD list all installed packages


14.2 vi

Vi is present on ANY Linux/Unix installation and it is therefore useful to know some basic commands. There are two modes: command mode and insertion mode. The command mode is accessed with [ESC], the insertion mode with i.

Quit

:w newfilename    save the file to newfilename
:wq or :x         save and quit
:q!               quit without saving

Search and move

/string           Search forward for string
?string           Search back for string
n                 Search for next instance of string
N                 Search for previous instance of string
{                 Move a paragraph back
}                 Move a paragraph forward
1G                Move to the first line of the file
nG                Move to the nth line of the file
G                 Move to the last line of the file
:%s/OLD/NEW/g     Search and replace every occurrence

Delete text

dd                delete current line
D                 Delete to the end of the line
dw                Delete word
x                 Delete character
u                 Undo last
U                 Undo all changes to current line

14.3 mail

The mail command is a basic application to read and send email, it is usually installed. To send an email simply type "mail user@domain". The first line is the subject, then the mail content. Terminate and send the email with a single dot (.) in a new line. Example:

# mail [email protected]

Subject: Your text is full of typos

"For a moment, nothing happened. Then, after a second or so,

nothing continued to happen."

. EOT

# This is also working with a pipe:

# echo "This is the mail body" | mail [email protected]

This is also a simple way to test the mail server.

14.4 tar

The command tar (tape archive) creates and extracts archives of files and directories. The archive .tar is uncompressed, a compressed archive has the extension .tgz or .tar.gz (zip) or .tbz (bzip2). Do not use absolute paths when creating an archive, you probably want to unpack it somewhere else. Some typical commands are:


Create

# cd /

# tar -cf home.tar home/

# archive the whole /home directory (c for create)

# tar -czf home.tgz home/

# same with zip compression

# tar -cjf home.tbz home/

# same with bzip2 compression

Only include one (or two) directories from a tree, but keep the relative structure. For example archive /usr/local/etc and /usr/local/www and the first directory in the archive should be local/.

# tar -C /usr -czf local.tgz local/etc local/www

# tar -C /usr -xzf local.tgz

# To untar the local dir into /usr

# cd /usr; tar -xzf local.tgz

# Is the same as above

Extract

# tar -tzf home.tgz

# look inside the archive without extracting (list)

# tar -xf home.tar

# extract the archive here (x for extract)

# tar -xzf home.tgz

# same with zip compression

# tar -xjf home.tbz

# same with bzip2 compression

# tar -xjf home.tbz home/colin/file.txt

# Restore a single file

More advanced

# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz'

# arch dir/ and store remotely.

# tar cvf - `find . -print` > backup.tar

# arch the current directory.

# tar -cf - -C /etc . | tar xpf - -C /backup/etc

# Copy directories

# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc

# Remote copy.

# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/

14.5 dd

The program dd (disk dump) is used to copy partitions and disks and for other copy tricks. Typical usage:

# dd if=<source> of=<target> bs=<byte size> conv=<conversion>

Important conv options:

notrunc    do not truncate the output file, all zeros will be written as zeros.
noerror    continue after read errors (e.g. bad blocks)
sync       pad every input block with Nulls to ibs-size

The default byte size is 512 (one block). The MBR, where the partition table is located, is on the first block, the first 63 blocks of a disk are empty. Larger byte sizes are faster to copy but also require more memory.

Backup and restore

# dd if=/dev/hda of=/dev/hdc bs=16065b

# Copy disk to disk (same size)

# dd if=/dev/sda7 of=/home/root.img bs=4096 conv=notrunc,noerror

# Backup /

# dd if=/home/root.img of=/dev/sda7 bs=4096 conv=notrunc,noerror

# Restore /

# dd bs=1M if=/dev/ad4s3e | gzip -c > ad4s3e.gz

# Zip the backup

# gunzip -dc ad4s3e.gz | dd of=/dev/ad0s3e bs=1M

# Restore the zip

# dd bs=1M if=/dev/ad4s3e | gzip | ssh eedcoba@fry 'dd of=ad4s3e.gz'

# also remote

# gunzip -dc ad4s3e.gz | ssh eedcoba@host 'dd of=/dev/ad0s3e bs=1M'

# dd if=/dev/ad0 of=/dev/ad2 skip=1 seek=1 bs=4k conv=noerror

# Skip MBR

# This is necessary if the destination (ad2) is smaller.

Recover

The command dd will read every single block of the partition, even the blocks. In case of problems it is better to use the option conv=sync,noerror so dd will skip the bad block and write zeros at the destination. Accordingly it is important to set the block size equal or smaller than the disk block size. A 1k size seems safe, set it with bs=1k. If a disk has bad sectors and the data should be recovered from a partition, create an image file with dd, mount the image and copy the content to a new disk. With the option noerror, dd will skip the bad sectors and write zeros instead, thus only the data contained in the bad sectors will be lost.

# dd if=/dev/hda of=/dev/null bs=1m

# Check for bad blocks

# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \
root@fry 'dd of=hda1.gz bs=1k'

# Send to remote

# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img

# Store into an image

# mount -o loop /hda1.img /mnt

# Mount the image (page 12)

# rsync -ax /mnt/ /newdisk/

# Copy on a new disk

# dd if=/dev/hda of=/dev/hda

# Refresh the magnetic state

# The above is useful to refresh a disk. It is perfectly safe, but must be unmounted.

Delete

# dd if=/dev/zero of=/dev/hdc count=1

# Delete MBR and partition table

# dd if=/dev/zero of=/dev/hdc

# Delete full disk

# dd if=/dev/urandom of=/dev/hdc

# Delete full disk better

# kill -USR1 PID

# View dd progress (Linux only!)

14.6 screen

Screen has two main functionalities:

• Run multiple terminal sessions within a single terminal.
• A started program is decoupled from the real terminal and can thus run in the background. The real terminal can be closed and reattached later.

Short start example

Start screen with:

# screen

Within the screen session we can start a long lasting program (like top). Detach the terminal and reattach the same terminal from another machine (over ssh for example).

# top

Now detach with Ctrl-a Ctrl-d. Reattach the terminal with

# screen -r

or better:

# screen -R -D

Attach here and now. In detail this means: If a session is running, then reattach. If necessary detach and logout remotely first. If it was not running create it and notify the user.

Screen commands (within screen)

All screen commands start with Ctrl-a.

• Ctrl-a ? help and summary of functions
• Ctrl-a c create a new window (terminal)
• Ctrl-a Ctrl-n and Ctrl-a Ctrl-p to switch to the next or previous window in the list, by number.
• Ctrl-a Ctrl-N where N is a number from 0 to 9, to switch to the corresponding window.
• Ctrl-a " to get a navigable list of running windows
• Ctrl-a a to clear a missed Ctrl-a
• Ctrl-a Ctrl-d to disconnect and leave the session running in the background
• Ctrl-a x lock the screen terminal with a password
